3 matches found
CVE-2024-12427
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fwuploadfile AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imag...
CVE-2024-12427
creationtimestamp| type| source ---|---|--- 2025-01-16 09:44:29+00:00| seen| https://infosec.exchange/users/cve/statuses/113837386587970746 2025-01-16 09:55:30+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/1927 2025-01-16 10:15:43+00:00| seen|...
CVE-2024-12427
CVE-2024-12427 affects the WordPress plugin Multi Step Form (aka Multi Step Form for WordPress). The issue is an unauthorized file upload via the fw_upload_file AJAX action, caused by a missing capability check in all versions up to and including 1.7.23. This allows unauthenticated attackers to u...