Arbitrary File Upload Vulnerability in Everest Forms Plugin for WordPress
CVE-2025-1128

9.8 CRITICAL

What is CVE-2025-1128?

CVE-2025-1128 identifies a significant vulnerability in the Everest Forms plugin for WordPress, designed for creating various interactive forms such as contact forms, quizzes, and surveys. The flaw arises from inadequate validation within the file handling functionality, allowing unauthenticated users to perform arbitrary file uploads, as well as read and delete files on the server hosting the affected WordPress site. This vulnerability poses a grave risk as it can lead to severe compromises, including remote code execution and unauthorized access to sensitive information, thereby threatening the integrity and confidentiality of the affected system.

Technical Details

The vulnerability lies in the 'format' method of the EVF_Form_Fields_Upload class within the Everest Forms plugin. All versions up to and including 3.0.9.4 are affected because the plugin does not properly validate file types and paths during file operations. Attackers can therefore upload malicious files to the server and then execute them to gain unauthorized control over the website. The lack of proper security measures in the file upload mechanism creates substantial exposure for users of the plugin.

Potential Impact of CVE-2025-1128

  1. Remote Code Execution: The most critical risk involves the potential for remote code execution, which allows attackers to run arbitrary code on the server. Successfully exploiting this vulnerability may enable them to take full control of the server, leading to extensive damage and disruption.

  2. Sensitive Information Disclosure: Due to the ability to read arbitrary files, attackers can potentially access private data stored on the server. This could include sensitive information, user credentials, or other confidential documents, which can lead to data breaches and loss of privacy.

  3. Complete Site Compromise: With the capability to upload and delete files, attackers may manipulate website content, redirect traffic, or stage other malicious activities that could result in a full takeover of the compromised site, significantly harming the reputation and trustworthiness of the organization.

Affected Version(s)

Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress: all versions <= 3.0.9.4
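
To audit an installation against this range, the following added example (not code from the plugin or from the original advisory) parses the `Version:` line of a WordPress plugin header and compares it numerically with 3.0.9.4. The function names and sample headers are constructed for illustration, and the header text is assumed to have been read from the plugin's main PHP file.

```python
import re

# Last affected release, taken from the advisory text above.
LAST_AFFECTED = (3, 0, 9, 4)

# WordPress plugins declare their version in a header comment of the main
# plugin file, on a line of the form "Version: x.y.z".
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.M | re.I)


def parse_version(header_text):
    """Return the plugin version as a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(header_text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def _pad(v, width):
    # Pad with zeros so 3.0.9 and 3.0.9.0 compare as equal.
    return v + (0,) * (width - len(v))


def is_affected(version):
    """True when version <= 3.0.9.4, comparing numerically per component."""
    width = max(len(version), len(LAST_AFFECTED))
    return _pad(version, width) <= _pad(LAST_AFFECTED, width)


def check_plugin_header(header_text):
    """Classify a plugin header as 'affected', 'not affected' or 'unknown'."""
    version = parse_version(header_text)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not affected"


# Constructed sample headers (not copied from the real plugin file).
SAMPLE_OLD = "<?php\n/**\n * Plugin Name: Everest Forms\n * Version: 3.0.9.4\n */\n"
# 3.0.10 is a constructed higher version used only to exercise the comparison;
# it is not a statement of which release contains the fix.
SAMPLE_NEW = SAMPLE_OLD.replace("3.0.9.4", "3.0.10")

if __name__ == "__main__":
    for name, text in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(name, parse_version(text), check_plugin_header(text))
```

Comparing the versions as strings would rank 3.0.10 below 3.0.9.4 and misreport a newer install as affected, which is why each component is compared as an integer.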

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arkadiusz Hydzik