CVE-2024-7484
CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
El complemento CRM Perks Forms para WordPress es vulnerable a cargas de archivos arbitrarias debido a una validación de archivos insuficiente en la función 'handle_uploaded_files' en versiones hasta la 1.1.3 incluida. Esto hace posible que atacantes autenticados con capacidades de nivel de administrador o superior carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecución remota de código.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-08-05 CVE Reserved
- 2024-08-05 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Crmperks Search vendor "Crmperks" | CRM Perks Forms – WordPress Form Builder Search vendor "Crmperks" for product "CRM Perks Forms – WordPress Form Builder" | <= 1.1.3 Search vendor "Crmperks" for product "CRM Perks Forms – WordPress Form Builder" and version " <= 1.1.3" | en |
Affected
| ||||||