This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: Path Traversal (CWE-22) in the HT Contact Form widget. **Consequences**: High Integrity and Availability impact. …
**Affected**: WordPress plugin **HT Contact Form – Drag & Drop Form Builder** (plugin directory `ht-contactform`). **Version**: 2.2.1 and earlier. **Vendor**: htplugins. If you run this form builder at an affected version, you are at risk.
Q4. What can hackers do? (Privileges/Data)
**Attacker Actions**: Full file read/write access. Can read configuration files (database credentials) and core WP files, or inject malicious PHP shells. Note that the Q1 summary lists only Integrity and Availability impact, so treat the file-read claim as unconfirmed by the stated vector. **Privileges**: No authentication required (PR:N). …
**Threshold**: LOW. **Auth**: None required (PR:N). **Network**: Network accessible (AV:N). **UI**: No user interaction needed (UI:N). **Complexity**: Low (AC:L). Easy to exploit remotely.
Q6. Is there a public exploit? (PoC/Wild Exploitation)
**Public Exploit?**: No specific PoC code is provided in the data. **References**: Wordfence and WP Trac links exist. **Status**: Likely exploitable given the CVSS 3.1 vector AV:N/AC:L/PR:N. …
**Self-Check**: Scan the plugins directory for `ht-contactform`. **Version Check**: Ensure the installed version is greater than 2.2.1 (2.2.1 and earlier are affected). **Test**: If testing safely, look for failed include/require errors in the PHP error log and for `..` segments in request logs. …