ThreatPress

WordPress Vulnerabilities Database


Simple Contact Info plugin <= v1.1.9 - Authenticated Arbitrary File Deletion Vulnerability

Product
Simple Contact Info
Description
Recently we (ThreatPress) discovered an authenticated arbitrary file deletion vulnerability in the Simple Contact Info plugin. The plugin has 6000+ active installs according to wordpress.org, but it has not been updated in 3 years. In inc/contat-ajax.php, the sci_ajax_delete_icon_callback function, an admin-ajax handler, deletes a file named by the request without verifying a nonce (so the action is also reachable through CSRF), without checking the caller's role or capability (so any logged-in user, including a subscriber, can invoke it), and without validating the file path (so a traversal sequence can point it at files outside the plugin's icon directory, i.e. at any file the web server user is allowed to delete).
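To make the three missing checks concrete, here is an added illustration of the pattern, not the plugin's own code: a hypothetical vulnerable admin-ajax handler beside a hardened one. The action name sci_delete_icon, the upload subdirectory sci-icons, the request parameter icon and the required capability manage_options are assumptions for the example; the real plugin's names may differ.

```php
<?php
/**
 * Added illustration (not Simple Contact Info's code): an admin-ajax file
 * deletion handler as described in the advisory, then a hardened version.
 * Action, parameter, directory and capability names are assumptions.
 */

// --- Vulnerable pattern (hypothetical reconstruction) ---
// wp_ajax_* hooks run for any logged-in user who POSTs to
// /wp-admin/admin-ajax.php?action=sci_delete_icon, regardless of role.
add_action( 'wp_ajax_sci_delete_icon', 'sci_ajax_delete_icon_vulnerable' );
function sci_ajax_delete_icon_vulnerable() {
    $icon = $_POST['icon'];                                  // no nonce, no capability check
    $dir  = wp_upload_dir()['basedir'] . '/sci-icons/';
    unlink( $dir . $icon );                                  // '../' in $icon escapes the directory
    wp_die( 'deleted' );
}

// --- Hardened handler ---
add_action( 'wp_ajax_sci_delete_icon', 'sci_ajax_delete_icon_hardened' );
function sci_ajax_delete_icon_hardened() {
    // 1. CSRF: require the nonce issued to the admin page, e.g. via
    //    wp_localize_script( ..., array( 'nonce' => wp_create_nonce( 'sci_delete_icon' ) ) ).
    //    check_ajax_referer() calls wp_die() on failure.
    check_ajax_referer( 'sci_delete_icon', '_wpnonce' );

    // 2. Authorization: a capability check, not merely "is logged in".
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Path confinement: drop any directory component, then prove that the
    //    resolved path (symlinks followed) still lies inside the icon directory.
    $raw  = isset( $_POST['icon'] ) ? wp_unslash( $_POST['icon'] ) : '';
    $icon = basename( sanitize_file_name( $raw ) );
    if ( '' === $icon ) {
        wp_send_json_error( 'bad name', 400 );
    }

    $dir  = realpath( wp_upload_dir()['basedir'] . '/sci-icons' );
    $path = $dir ? realpath( $dir . DIRECTORY_SEPARATOR . $icon ) : false;
    if ( ! $dir || ! $path
        || 0 !== strpos( $path, $dir . DIRECTORY_SEPARATOR )
        || ! is_file( $path ) ) {
        wp_send_json_error( 'not found', 404 );
    }

    // 4. Allow-list the extension so the endpoint can only remove icon images.
    $ext = strtolower( pathinfo( $path, PATHINFO_EXTENSION ) );
    if ( ! in_array( $ext, array( 'png', 'jpg', 'jpeg', 'gif', 'svg' ), true ) ) {
        wp_send_json_error( 'not an icon', 400 );
    }

    wp_delete_file( $path );
    wp_send_json_success( array( 'deleted' => $icon ) );
}
```

Two points are easy to get wrong when reviewing a handler like this. A nonce alone only addresses CSRF; it is issued to every logged-in user who loads the page, so the capability check is still required. And a basename() or sanitize_file_name() call alone does not prove containment: the realpath() prefix comparison is what rejects a symlink inside the icon directory that points elsewhere.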
Solution
The plugin has been closed and is no longer available for download, so no fixed version exists. Deactivate and delete it, and find an alternative plugin.
Classification
Type BYPASS
OWASP Top 10 (2013) A7: Missing Function Level Access Control
References
ThreatPress Labs
CVE
Name CVE-N/A
Versions
Affected In <= v1.1.9
Disclosure date
2018-02-07
Credits
ThreatPress
Submitter
ThreatPress Labs