WordPress Plugin Vulnerabilities

Easy Form Builder by Bitware <= 1.0 - Authenticated Arbitrary File Upload

Description

The EFBP_verify_upload_file AJAX action of the plugin, available to authenticated users, does not have any security in place to verify uploaded files, allowing low-privilege users to upload arbitrary files, leading to RCE.

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugins

Plugin icon
easy-form-builder-by-bitware
No known fix

References

CVE
CVE-2021-24224
URL
https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md

Miscellaneous

Original Researcher
Jin Huang
Submitter
Jin Huang
Submitter website
https://github.com/jinhuang1102
Submitter twitter
JinHuan70342329
Verified
Yes
WPVDB ID
ed0c054b-54bf-4df8-9015-c76704c93484

Timeline

Publicly Published
2021-03-26 (about 3 years ago)
Added
2021-03-26 (about 3 years ago)
Last Updated
2023-01-05 (about 1 years ago)

Other

Published
Title
Published
2021-07-01
Title
PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2020-07-28
Title
Comments - wpDiscuz 7.0.0 - 7.0.4 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
1 Flash Gallery - Arbitrary File Upload Exploit (MSF)
Published
2014-08-01
Title
Xerte Online <= 0.35 - File Upload
Published
2018-01-06
Title
LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload