ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Cforms Plugin 14.7 - Remote Code Execution

Product
cForms
Description
Cforms plugin is prone to a remote code execution vulnerability, because of script does not check remotely cached files properly. Also, it can attack URL.
Solution
Upgrade the plugin.
Classification
Type Remote File Inclusion
References
Exploit-DB
CVE
Name CVE-2014-9473
Versions
Affected In <= 14.7
Fixed In 14.8
Disclosure date
2015-01-19
Credits
Zakhar