Skip to main content

Contact Form Extender For Divi 8211 Save Entries File Upload Amp Country Code Field

1 CVEs product

Monthly

CVE-2026-40769 HIGH This Week

Unauthenticated arbitrary file deletion in the WordPress plugin Contact Form Extender for Divi (versions <= 1.0.6) allows remote attackers to delete arbitrary files on the host filesystem via a path traversal flaw. Deletion of critical files such as wp-config.php can force WordPress into setup mode, enabling site takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Path Traversal File Upload Contact Form Extender For Divi 8211 Save Entries File Upload Amp Country Code Field
NVD
CVSS 3.1
8.6
EPSS
0.4%
EPSS 0% CVSS 8.6
HIGH This Week

Unauthenticated arbitrary file deletion in the WordPress plugin Contact Form Extender for Divi (versions <= 1.0.6) allows remote attackers to delete arbitrary files on the host filesystem via a path traversal flaw. Deletion of critical files such as wp-config.php can force WordPress into setup mode, enabling site takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Path Traversal File Upload Contact Form Extender For Divi 8211 Save Entries File Upload Amp Country Code Field
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy