How severe is CVE-2024-7777?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2024-7777?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-7777 - CRITICAL Severity | CVSS 9

Vulnerability Description

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Related Vulnerabilities

CVE-2020-13376

CRITICAL

CVSS:9.0(Critical)

SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie.

CWE-222020

CVE-2021-34422

CRITICAL

CVSS:9.0(Critical)

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared...

CWE-222021

CVE-2023-32297

CRITICAL

CVSS:9.0(Critical)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion.This issue affects LWS Affiliation: from n/a through...

CWE-222023

CVE-2024-21400

CRITICAL

CVSS:9.0(Critical)

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CWE-222024

CVE-2024-31231

CRITICAL

CVSS:9.0(Critical)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1.

CWE-222024

CVE-2024-32002

CRITICAL

CVSS:9.0(Critical)

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby ...

CWE-222024