ThreatPress

WordPress Vulnerability Database

Back

WordPress Super Forms premium plugin <= 4.9.700 - Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability

Product
Super Forms
Description
Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability found by ABDO10 in WordPress Super Forms premium plugin (versions <= 4.9.700).
Solution
Update the WordPress Super Forms premium plugin to the latest available version (at least 4.9.703).
Classification
Type Arbitrary File Upload
OWASP Top 10 A1: Injection
References
Vulnerability details
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 4.9.700
Fixed In 4.9.703
Disclosure date
2021-01-28
Credits
ABDO10