The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-11T08:32:51.372Z
Updated: 2024-08-02T08:21:18.014Z
Reserved: 2023-11-20T17:36:06.242Z
Link: CVE-2023-6220
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-11T09:15:47.883
Modified: 2024-11-21T08:43:23.640
Link: CVE-2023-6220
Redhat
No data.