CVE-2026-40769

HIGH8.6JSON export Create alert

Description

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Affected products

Satinder Singh / Contact Form Extender for Divi – Save Entries, File Upload & Country Code Fieldn/a – 1.0.6

References

MISChttps://patchstack.com/database/wordpress/plugin/contact-form-extender-for-divi-builder/vulnerability/wordpress-contact-form-extender-for-divi-save-entries-file-upload-country-code-field-plugin-1-0-6-arbitrary-file-deletion-vulnerability?_s_id=cve