CVE-2024-12427

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/multi-step-form/tags/1.7.22/includes/lib/msf-shortcode.class.php#L100	Product
https://plugins.trac.wordpress.org/browser/multi-step-form/tags/1.7.22/includes/lib/msf-shortcode.class.php#L30	Product
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3219723%40multi-step-form&new=3219723%40multi-step-form&sfp_email=&sfph_mail=	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/f0a31fee-ccc2-4c3b-b198-6cb750188113?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mondula:multi_step_form:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2025-01-16 10:15

Updated : 2025-03-04 17:24

NVD link : CVE-2024-12427

Mitre link : CVE-2024-12427

CVE.ORG link : CVE-2024-12427

JSON object : View

Products Affected

mondula

multi_step_form

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-12427", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-01-16T10:15:07.243", "references": [{"url": "https://plugins.trac.wordpress.org/browser/multi-step-form/tags/1.7.22/includes/lib/msf-shortcode.class.php#L100", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/multi-step-form/tags/1.7.22/includes/lib/msf-shortcode.class.php#L30", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3219723%40multi-step-form&new=3219723%40multi-step-form&sfp_email=&sfph_mail=", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0a31fee-ccc2-4c3b-b198-6cb750188113?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images."}, {"lang": "es", "value": "El complemento Multi Step Form para WordPress es vulnerable a la carga limitada de archivos no autorizada debido a una verificaci\u00f3n de capacidad faltante en la acci\u00f3n AJAX fw_upload_file en todas las versiones hasta la 1.7.23 incluida. Esto permite que atacantes no autenticados carguen tipos de archivos limitados, como im\u00e1genes."}], "lastModified": "2025-03-04T17:24:20.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mondula:multi_step_form:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8D1CAF64-CA9C-48F0-B8FD-36222B963018", "versionEndExcluding": "1.7.24"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}