The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 12 Sep 2024 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:funnelforms:funnelforms_free:*:*:*:*:*:wordpress:*:*

Fri, 06 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Funnelforms
Funnelforms funnelforms Free
CPEs cpe:2.3:a:funnelforms:funnelforms_free:*:*:*:*:*:*:*:*
Vendors & Products Funnelforms
Funnelforms funnelforms Free
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 28 Aug 2024 07:00:00 +0000

Type Values Removed Values Added
Description The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2024-09-06T16:21:34.562Z

Reserved: 2024-06-25T12:47:23.304Z

Link: CVE-2024-6311

cve-icon Vulnrichment

Updated: 2024-08-28T13:37:20.521Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-28T07:15:10.800

Modified: 2024-09-12T16:46:57.037

Link: CVE-2024-6311

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.