Severity Rating: HIGH
Software Affected
WordPress Drag and Drop File Upload Contact Form plugin for WordPress
<1.3.3.3
Overview
A vulnerability has been reported in a WordPress plugin that could allow an
attacker to conduct remote code execution attacks on a targeted system.
Description
1. Unauthenticated File Upload Bypass Vulnerability
This vulnerability exists in the Drag and Drop File Upload Contact Form plugin
for WordPress due to improper checking of the file being uploaded. By
sending a specially crafted file, an attacker could exploit this
vulnerability using the supported_type parameter.
Successful exploitation of this vulnerability could allow a remote attacker
to execute arbitrary code on the targeted system.
Solution
Apply the appropriate fixes issued by the vendor at the following link:
rm-7/
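To check an installation against the affected range, the following added example (not part of the advisory or the vendor's code) reads the Version field from a plugin's header comment and compares it numerically with 1.3.3.3, since a plain string comparison misorders versions such as 1.3.10. The sample header and its plugin name are constructed placeholders.

```python
import re

FIXED_VERSION = "1.3.3.3"  # from the advisory: versions below this are affected

# WordPress plugin header fields, e.g. " * Version: 1.3.3.2"
_FIELD = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

# Constructed sample header (not copied from the plugin); the name is a placeholder.
SAMPLE = """<?php
/**
 * Plugin Name: Example Upload Plugin
 * Version: 1.3.3.2
 */
"""


def parse_plugin_header(php_source):
    """Return (plugin_name, version) from a plugin main file's header comment."""
    fields = {}
    for key, value in _FIELD.findall(php_source[:8192]):  # WordPress reads only the first 8 KB
        fields.setdefault(key.lower(), value)
    return fields.get("plugin name"), fields.get("version")


def version_tuple(version):
    """Turn '1.3.3' into (1, 3, 3); return None if any part is not a plain number."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_affected(version, fixed=FIXED_VERSION):
    """True if version < fixed, False if not, None if the version cannot be parsed."""
    installed, patched = version_tuple(version or ""), version_tuple(fixed)
    if installed is None:
        return None  # unknown format: needs a manual check, do not assume it is safe
    width = max(len(installed), len(patched))
    pad = lambda t: t + (0,) * (width - len(t))  # so 1.3.3 compares as 1.3.3.0
    return pad(installed) < pad(patched)


if __name__ == "__main__":
    name, version = parse_plugin_header(SAMPLE)
    print(name, version, "affected:", is_affected(version))
```

A result of None means the version string could not be parsed and the installation should be checked by hand.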
Vendor Information
WordPress
rm-7/
References
WordPress
rm-7/
IBM X-Force Exchange
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.