NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure 漏洞信息(CVE-2024-13498)

一、漏洞 CVE-2024-13498 基础信息

美国国家漏洞数据库 NVD

漏洞标题

NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure

来源：美国国家漏洞数据库 NVD

漏洞描述信息

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form.

来源：美国国家漏洞数据库 NVD

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

来源：美国国家漏洞数据库 NVD

漏洞类别

信息暴露

来源：美国国家漏洞数据库 NVD

二、漏洞 CVE-2024-13498 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2024-13498 的情报信息

https://www.wordfence.com/threat-intel/vulnerabilities/id/f188a5e6-699e-4e1a-b4e4-7fb4056b0bee?source=cve
https://plugins.trac.wordpress.org/changeset/3235420/nex-forms-express-wp-form-builder
https://nvd.nist.gov/vuln/detail/CVE-2024-13498

一、 漏洞 CVE-2024-13498 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2024-13498 的公开POC

三、漏洞 CVE-2024-13498 的情报信息

一、漏洞 CVE-2024-13498 基础信息