Name of the Vulnerable Software and Affected Versions:

Multi Step Form plugin for WordPress versions prior to 1.7.26

Description:

The Multi Step Form plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation during the import process. This allows authenticated attackers with Administrator-level access or higher to upload arbitrary files to the affected server, potentially leading to remote code execution.

Recommendations:

Update the Multi Step Form plugin to version 1.7.26 or later.