StickEasy Protected Contact Form WordPress Plugin Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability allowing sensitive information disclosure exists in the StickEasy Protected Contact Form plugin for WordPress, affecting all versions through 1.0.2. The plugin improperly stores spam detection logs in a publicly accessible location within the uploads directory. This exposure allows unauthenticated attackers to download the log file and retrieve sensitive data, including visitor IP addresses, email addresses, and snippets of comments from contact form submissions marked as spam.

Impact

Exploitation of this vulnerability allows unauthorized users to access sensitive information, such as IP addresses, email addresses, and comment details from contact form submissions flagged as spam.

Remediation

Users can update to version 1.0.2 or a newer patched version to address this vulnerability.
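To check a site for the kind of exposure described above, the following added example (not code from the plugin or from this advisory) walks an uploads directory and reports log-like files that contain email addresses or IPv4 addresses. The extension list, the directory names and the sample log lines are assumptions constructed for illustration; the advisory does not name the plugin's actual log file.

```python
import os
import re
import tempfile

# Assumption: extensions treated as "log-like"; the advisory names no file.
LOG_EXTENSIONS = {".log", ".txt", ".csv"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4_RE = re.compile(r"\b(?:" + OCTET + r"\.){3}" + OCTET + r"\b")

def audit_uploads(uploads_dir, max_bytes=1_000_000):
    """Return sorted (relative_path, unique_emails, unique_ips) for log-like
    files under uploads_dir that contain personal data."""
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() not in LOG_EXTENSIONS:
                continue
            path = os.path.join(root, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read(max_bytes)  # cap the read for very large logs
            except OSError:
                continue  # unreadable file: skip it rather than abort the audit
            emails = set(EMAIL_RE.findall(text))
            ips = set(IPV4_RE.findall(text))
            if emails or ips:
                rel = os.path.relpath(path, uploads_dir)
                findings.append((rel, len(emails), len(ips)))
    return sorted(findings)

def demo():
    """Build a constructed uploads tree and audit it (all data is made up)."""
    with tempfile.TemporaryDirectory() as uploads:
        os.makedirs(os.path.join(uploads, "example-plugin"))
        with open(os.path.join(uploads, "example-plugin", "spam.log"), "w") as fh:
            fh.write("spam ip=203.0.113.7 email=alice@example.com msg='buy now'\n"
                     "spam ip=198.51.100.23 email=bob@example.org msg='cheap'\n")
        with open(os.path.join(uploads, "readme.txt"), "w") as fh:
            fh.write("no personal data here\n")
        with open(os.path.join(uploads, "photo.jpg"), "wb") as fh:
            fh.write(b"\xff\xd8\xff")
        return audit_uploads(uploads)

if __name__ == "__main__":
    for rel, n_email, n_ip in demo():
        print(f"{rel}: {n_email} email(s), {n_ip} IP(s) under uploads")
```

Any file this reports sits in a directory the web server normally serves, so it should be moved out of the web root or blocked by a server rule, then deleted once no longer needed.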

Added: Feb 14, 2026, 4:35 AM
Updated: Feb 14, 2026, 4:35 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 0.0
relevance: 3.1
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.