virus logo Client Application Firewall

WordPress.MM.Forms.Community.Plugin.Arbitrary.File.Upload

description-logoDescription

This indicates an attack attempt to exploit a Remote File Inclusion vulnerability in MM Forms Community Plugin for WordPress.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling uploaded files. A remote attacker can exploit this to upload arbitrary files and by making a direct request to the file, also execute the script file uploaded.

affected-products-logoAffected Products

MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected site.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

References

http://www.exploit-db.com/exploits/18997/
ID 34831
Created Mar 26, 2013
Updated Sep 04, 2023
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 23.16%
Default Action drop
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app
Profile Type Permission/Privilege/Access Control