WordPress Plugin Vulnerabilities

MM Forms & MM Forms Community 2.2.6 - Unauthenticated Arbitrary File Upload

Description

Attackers have been seen probing for the "/wp-content/plugins/mm-forms/includes/doajaxfileupload.php" file.

Proof of Concept

Affects Plugins

Plugin icon
mm-forms-community
No known fix
Plugin icon
mm-forms
No known fix

References

CVE
CVE-2012-3574
Exploitdb
18997

Miscellaneous

Verified
No
WPVDB ID
d63ee057-6b4e-4ffc-9fbf-76c2c9ca20cc

Timeline

Publicly Published
2012-06-07 (about 13 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-02-26 (about 6 years ago)

Other

Published
Title
Published
2020-01-14
Title
Elementor < 2.7.5 - Authenticated Arbitrary File Upload
Published
2014-08-01
Title
Front File Manager 0.1 - Arbitrary File Upload
Published
2025-06-17
Title
CSV Me <= 2.0 - Authenticated (Administrator+) Arbitrary File Upload
Published
2026-03-23
Title
JupiterX Core < 4.14.2 - Authenticated (Subscriber+) Missing Authorization To Limited File Upload via Popup Template Import
Published
2021-09-01
Title
Secure File Manager <= 2.9.3 - Admin+ RCE