Unauthenticated Users Can Modify Uploaded Files and Inject PHP Code
CVE-2024-4620

Currently unrated

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
7 June 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 68%

What is CVE-2024-4620?

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form

Affected Version(s)

ARForms - Premium WordPress Form Builder Plugin 0 < 6.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

EPSS Score

68% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

mgthuramoemyint
WPScan
.
The Cyber Security Vulnerability Database.