CVE-2024-50427 – WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability

https://notcve.org/view.php?id=CVE-2024-50427

Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Devsoft Baltic OÜ SurveyJS: Drag &amp; Drop WordPress Form Builder. Este problema afecta a SurveyJS: Drag &amp; Drop WordPress Form Builder: desde n/a hasta 1.9.136. The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.9.136. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-50427 https://patchstack.com/database/vulnerability/surveyjs/wordpress-surveyjs-plugin-1-9-136-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •