PT-2024-34201 · WordPress · Surveyjs: Drag & Drop Wordpress Form Builder
Stealthcopter · Published 2024-10-29 · Updated 2024-10-29
CVE-2024-50427
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SurveyJS: Drag & Drop WordPress Form Builder versions 1.9.136 and earlier
Description:
The plugin is affected by an Unrestricted Upload of File with Dangerous Type vulnerability: it may accept uploads of dangerous file types without proper restrictions, potentially leading to security issues.
Recommendations:
For SurveyJS: Drag & Drop WordPress Form Builder versions 1.9.136 and earlier, consider restricting file uploads to only necessary and safe file types until a fix is available. As a temporary workaround, disabling the file upload feature may help minimize the risk of exploitation.
Fix
Unrestricted File Upload
Affected Products
Surveyjs: Drag & Drop Wordpress Form Builder