CVE-2024-1169

2024-03-0711:01:58

Wordfence

www.cve.org

wordpress

post form

unauthorized media upload

missing capability check

ugc plugin

cve-2024-1169

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

15.7%

JSON

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.

CNA Affected

[
  {
    "vendor": "svenl77",
    "product": "Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.8.7",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466

plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk/includes/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php

www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve