Lucene search

K
patchstackManish TanwarPATCHSTACK:8EB2A2CB29D8C8FFE6586069BB293E10
HistoryJan 29, 2016 - 12:00 a.m.

WordPress Formidable Forms Plugin <= 1.06.03 - Remote Code Execution

2016-01-2900:00:00
Manish Tanwar
patchstack.com
18
wordpress
formidable forms
plugin
remote code execution
update

This plugin is prone to remote code execution because of ofc_upload_image.php file parameters ($_GET[ β€˜name’ ] and $HTTP_RAW_POST_DATA).

Solution

           Update the plugin.

Affected configurations

Vulners
Node
strategy11formidable_form_builderRange≀1.06.03wordpress
VendorProductVersionCPE
strategy11formidable_form_builder*cpe:2.3:a:strategy11:formidable_form_builder:*:*:*:*:*:wordpress:*:*