CVE-2014-6446

Currently unrated

Key Information:

Vendor: Wordpress
Status: Infusionsoft Gravity Forms
Vendor: CVE Published:; 26 September 2014

Summary

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.

References

http://packetstormsecurity.com/files/131002/Wordpress-Inf...

x_refsource_MISC

http://www.exploit-db.com/exploits/34925

exploitx_refsource_EXPLOIT-DB

https://wordpress.org/plugins/infusionsoft/changelog/

x_refsource_CONFIRM

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 26, 2014
Vulnerability Reserved
Sep 16, 2014