CVE-2023-5822 in Drag and Drop Multiple File Upload Contact Form 7informação

Sumário

de MITRE • 22/11/2023

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsável

Wordfence

Reservar

26/10/2023

Divulgação

22/11/2023

Moderação

aceite

Entrada

VDB-244289

CPE

pronto

EPSS

0.01793

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!