CVE-2025-23921

Name of the Vulnerable Software and Affected Versions NotFound Multi Uploader for Gravity Forms versions 1.1.3 and earlier

Description The issue allows unrestricted upload of files with dangerous types, enabling attackers to upload web shells to web servers. This can lead to significant security risks.

Recommendations For versions 1.1.3 and earlier, update to a version later than 1.1.3 to resolve the issue. As a temporary workaround, consider restricting file uploads or disabling the upload feature until a patch is available. Restrict access to the upload module to minimize the risk of exploitation. Avoid using the file upload feature in the affected API endpoint until the issue is resolved.