WordPress Plugin Vulnerabilities
Caldera Forms Pro < 1.8.2 - Unauthenticated Arbitrary File Read
Description
According to the vendor:
"This update includes an important SECURITY fix that affects some Pro customers. If you do not have Caldera Forms Pro API keys activated, this issue does not affect you."
According to the original researchers:
"The Caldera Forms Pro vulnerability would allow attackers to read arbitrary files such as wp-config.php and leak database access credentials."
Affects Plugins
References
Classification
Type
TRAVERSAL
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Sucuri
Submitter
Ryan Dewhurst
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2019-03-07 (about 5 years ago)
Added
2019-03-11 (about 5 years ago)
Last Updated
2022-12-05 (about 1 years ago)