CVE-2023-51412 – WordPress Piotnet Forms Plugin <= 1.0.25 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-51412
27 Dec 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.25. The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including, 1.0... • https://patchstack.com/database/vulnerability/piotnetforms/wordpress-piotnetforms-plugin-1-0-25-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-6220 – Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6220
04 Dec 2023 — The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/piotnetforms/tags/1.0.26/inc/forms/ajax-form-builder.php#L430 • CWE-434: Unrestricted Upload of File with Dangerous Type