Medium severity5.3NVD Advisory· Published Dec 12, 2024· Updated Jun 17, 2026
CVE-2024-12255
CVE-2024-12255
Description
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- zealopensource/Accept Stripe Payments Using Contact Form 7v5Range: 0
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changesetnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/8a9e1325-1027-41ea-93be-c321aef61deanvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.