CVE-2024-1069: 
WordPress vulnerability analysis and mitigation

CVE-2024-1069 affects the Contact Form Entries plugin for WordPress versions up to and including 1.3.2. The vulnerability was discovered and disclosed on January 30, 2024. This security issue impacts WordPress installations using the affected plugin versions, specifically targeting the 'view_page' function (NVD, WPScan).

The vulnerability is classified as an arbitrary file upload vulnerability due to insufficient file validation in the 'view_page' function. It has been assigned a CVSS v3.1 base score of 7.2 (HIGH), with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The weakness is categorized under CWE-434 (Unrestricted Upload of File with Dangerous Type) (NVD).

When exploited, this vulnerability allows authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server. This could potentially lead to remote code execution, compromising the security of the affected WordPress installation (NVD, WPScan).

The vulnerability has been patched in version 1.3.3 of the Contact Form Entries plugin. Site administrators are strongly advised to update to this version or later to mitigate the risk (WPScan).