Caldera Forms Pro < 1.8.2 – Unauthenticated Arbitrary File Read

Description

According to the vendor:

"This update includes an important SECURITY fix that affects some Pro customers. If you do not have Caldera Forms Pro API keys activated, this issue does not affect you."

According to the original researchers:

"The Caldera Forms Pro vulnerability would allow attackers to read arbitrary files such as wp-config.php and leak database access credentials."

Affects Plugins

caldera-forms-pro

Fixed in 1.8.2

References

URL

https://calderaforms.com/updates/caldera-forms-1-8-2/

URL

https://plugins.trac.wordpress.org/changeset/2046115/caldera-forms

URL

https://blog.sucuri.net/2019/03/vulnerability-disclosure-siteground-optimizer-caldera-forms.html

Classification

Type

TRAVERSAL

OWASP top 10

A1: Injection

CWE

CWE-22

CVSS

8.6 (high)

Miscellaneous

Original Researcher

Sucuri

Submitter

Ryan Dewhurst

Submitter twitter

ethicalhack3r

Verified

WPVDB ID

27a4a49c-0040-4381-b768-7d625a3229c0

Timeline

Publicly Published

2019-03-07 (about 5 years ago)

Added

2019-03-11 (about 5 years ago)

Last Updated

2022-12-05 (about 1 years ago)

Other

Published

Title

Published

2020-05-16

Title

Simple File List < 4.2.8 - Authenticated Arbitrary File Deletion

Published

2022-03-01

Title

String Locator < 2.5.0 - Admin+ Arbitrary File Read

Published

2023-12-01

Title

Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion

Published

2021-11-11

Title

Download Plugin < 2.0.0 - Subscriber+ Website Download

Published

2021-12-01

Title

CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal