Описание
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images.
Ссылки
- Product
- Product
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.24 (исключая)
cpe:2.3:a:mondula:multi_step_form:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 63%
0.00442
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 5.3
github
около 1 года назад
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images.
EPSS
Процентиль: 63%
0.00442
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-862