WordPress Plugin Vulnerabilities
123ContactForm for WordPress <= 1.5.6 - Unauthenticated Arbitrary File Upload
Description
Attackers could use the Unauthenticated Arbitrary Post Creation issue (https://wpscan.com/vulnerability/d3ef5644-1044-492f-ac23-ea90b32f1e77) to also upload a PHP file via the cfp_upload_image() function which fails to properly verify that the file provided is an image.
Affects Plugins
References
Miscellaneous
Original Researcher
Rodrigo Escobar (Sucuri)
Verified
No
WPVDB ID
Timeline
Publicly Published
2021-01-20 (about 3 years ago)
Added
2021-01-20 (about 3 years ago)
Last Updated
2021-01-21 (about 3 years ago)