CVE-2021-24905 Information

Description

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action and does not validate the file to be deleted allowing any authenticated user to delete arbitrary files on the web server. For example removing the wp-config.php allows attackers to trigger WordPress setup again gain administrator privileges and execute arbitrary code or display arbitrary content to the users.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Reference

https://wpscan.com/vulnerability/cf022415-6614-4b95-913b-802186766ae6

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.0