WordPress Super Forms Bundle premium plugin <= 4.9.700 - Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability

Back

Product: Super Forms bundle
Description: Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability found by ABDO10 in WordPress Super Forms Bundle premium plugin (versions <= 4.9.700).
Solution: Update the WordPress Super Forms Bundle premium plugin to the latest available version (at least 4.9.703).
Classification: Type Arbitrary File Upload
OWASP Top 10 A1: Injection
References: Vulnerability details
Plugin changelog
CVE: Name CVE-N/A
Versions: Affected In <= 4.9.700
Fixed In 4.9.703
Disclosure date: 2021-01-28
Credits: ABDO10

ThreatPress