Medium severity5.3NVD Advisory· Published May 2, 2024· Updated Jun 17, 2026
CVE-2024-3870
CVE-2024-3870
Description
The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.2.6.8
- Range: <=1.2.6.8
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.