Vulnerability in Notifications For Forms & Wordpress Actions

CVE-2024-6228

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and a…

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • Unknown Notifications For Forms & Wordpress Actions — versions 0

References

Frequently asked questions

What is CVE-2024-6228?
CVE-2024-6228 is a high-severity vulnerability in Notifications For Forms & Wordpress Actions, classified under CWE-22 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL'). CVSS score: 7.5/10. Published 2026-07-06.
How severe is CVE-2024-6228?
High severity. CVSS v3 base score is 7.5 out of 10.