Unrestricted File Upload Vulnerability in CformsII Plugin for WordPress
CVE-2014-9473

Currently unrated

Key Information:

Vendor

Wordpress
Status
Cformsii
Vendor
CVE Published:
8 January 2015

What is CVE-2014-9473?

The CformsII plugin for WordPress allows for unrestricted file uploads due to a vulnerability in lib_nonajax.php. This flaw enables remote attackers to execute arbitrary code by uploading files with executable extensions through the cf_uploadfile2[] parameter. Once the file is uploaded to the default directory, attackers can access it directly, leading to potential exploitation and unauthorized control over the affected system. Users of the CformsII plugin should take immediate action to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://wordpress.org/plugins/cforms2/changelog/
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534349/30/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.