WordPress Plugin Vulnerabilities
Easy Form Builder by Bitware <= 1.0 - Authenticated Arbitrary File Upload
Description
The plugin's EFBP_verify_upload_file AJAX action, which is available to any authenticated user, performs no validation of uploaded files. Low-privilege users can therefore upload arbitrary files, leading to remote code execution (RCE).
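The checks whose absence is described above, as an added example of a hardened WordPress AJAX upload handler. This is not the plugin's code or its patch. The handler name, the nonce action 'efbp_upload', the 'nonce' and 'file' request fields, the required capability and the allowed file types are assumptions.

```php
<?php
// Added example, not the plugin's own code. Hypothetical: efbp_example_upload(),
// the 'efbp_upload' nonce action, and the 'nonce' / 'file' request fields.
// wp_ajax_{action} hooks fire only for logged-in users, so every further
// check has to be made inside the handler itself.
add_action( 'wp_ajax_EFBP_verify_upload_file', 'efbp_example_upload' );

function efbp_example_upload() {
    // 1. CSRF: stop unless the request carries a valid nonce for this action.
    check_ajax_referer( 'efbp_upload', 'nonce' );

    // 2. Authorization: a session is not enough. Requiring 'upload_files' is an
    //    assumption; Subscribers do not hold it on a default install.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Exactly one file, received without a PHP upload error.
    if ( empty( $_FILES['file'] ) || is_array( $_FILES['file']['error'] )
        || UPLOAD_ERR_OK !== $_FILES['file']['error'] ) {
        wp_send_json_error( array( 'message' => 'No file received' ), 400 );
    }

    // 4. Allowlist of extension => MIME type (assumed set). Anything not listed,
    //    including .php and .phtml, is refused.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'pdf'      => 'application/pdf',
    );

    // 5. wp_handle_upload() checks the file against the allowlist, sanitizes
    //    and de-duplicates the file name, then moves the file into the
    //    uploads directory. 'test_form' is off because the nonce check
    //    above replaces the core form-action check.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['file'],
        array( 'test_form' => false, 'mimes' => $allowed )
    );

    if ( isset( $result['error'] ) ) {
        wp_send_json_error( array( 'message' => $result['error'] ), 400 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```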
Proof of Concept
The PoC will be displayed once the issue has been remediated.
Miscellaneous
Original Researcher
Jin Huang
Submitter
Jin Huang
Verified
Yes
Timeline
Publicly Published
2021-03-26
Added
2021-03-26
Last Updated
2023-01-05