Talal Nasraddeen

**Name of the Vulnerable Software and Affected Versions** Gravity Forms versions prior to 2.9.22 **Description** The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation within the legacy chunked upload mechanism. The extension blacklist does not include .phar files, allowing unauthenticated attackers to upload executable .phar files. Successful exploitation requires the web server to be configured to process .phar files as PHP. This could lead to remote code execution on the server if an attacker can determine the upload path. **Recommendations** Update Gravity Forms to version 2.9.22 or later.

**Name of the Vulnerable Software and Affected Versions** Gravity Forms versions up to and including 2.9.20 **Description** The Gravity Forms plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the `copy post image()` function. This allows unauthenticated attackers to upload arbitrary files to the server, potentially leading to remote code execution. This issue is only present on sites where `allow url fopen` is enabled, the post creation form is active, and a file upload field exists within the post form. **Recommendations** Gravity Forms versions up to and including 2.9.20: Update to version 2.9.21 or later.

**Name of the Vulnerable Software and Affected Versions** Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent versions up to and including 1.1.32 **Description** The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is susceptible to arbitrary file uploads. This is due to a lack of file type validation within the `set featured image from external url()` function. This allows unauthenticated attackers to upload arbitrary files to the affected server. In configurations where unauthenticated users have the ability to add featured images, this could lead to remote code execution. **Recommendations** Versions up to and including 1.1.32: Update to a version beyond 1.1.32.

**Name of the Vulnerable Software and Affected Versions** PPOM – Product Addons & Custom Fields for WooCommerce versions up to and including 33.0.15 **Description** The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads. This is due to a lack of file type validation within the image cropper functionality. Unauthenticated attackers can exploit this to upload arbitrary files to the server, potentially leading to remote code execution. The issue specifically affected users with the paid version of the software installed and activated. **Recommendations** Update PPOM – Product Addons & Custom Fields for WooCommerce to version 33.0.16 or newer.

**Name of the Vulnerable Software and Affected Versions** PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress versions prior to 33.0.16 **Description** The software contains a SQL Injection flaw in the `PPOM Meta::get fields by id()` function. Insufficient escaping of user-supplied parameters and inadequate SQL query preparation allow unauthenticated attackers to inject additional SQL queries into existing queries, potentially extracting sensitive information from the database. This is exploitable when the Enable Legacy Price Calculations setting is enabled. **Recommendations** Update the PPOM – Product Addons & Custom Fields for WooCommerce plugin to version 33.0.16 or later.