CVE-2024-12427
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-12427 is a vulnerability affecting the Multi Step Form plugin for WordPress. It stems from a missing capability check on the fw_upload_file AJAX action and is present in all versions up to and including 1.7.23. As a result, unauthenticated attackers can upload files of a limited set of types, primarily images, without authorization. This vulnerability poses a risk of security breaches and data compromise. WordPress users are strongly advised to update their Multi Step Form plugin to the latest version to mitigate this threat.
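To find installations still in the affected range, the added example below (not code from the plugin or from this advisory) reads the standard WordPress plugin header of each plugin under a plugins directory and flags copies of Multi Step Form at or below 1.7.23. The directory layout, the function names and the sample versions are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (1, 7, 23)       # advisory: "up to and including 1.7.23"
PLUGIN_NAME = "Multi Step Form"  # plugin name as given in the advisory
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def read_header(php_file: Path) -> dict:
    """Return the Plugin Name / Version fields from a plugin's header comment."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")  # header is at the top
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.title(), value.strip())  # first occurrence wins
    return fields

def parse_version(text: str) -> tuple:
    """Turn '1.7.23' into (1, 7, 23); a suffix such as '-beta' is ignored."""
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(plugins_dir: Path) -> list:
    """List (folder, version, affected) for every installed copy of the plugin."""
    findings = []
    for php_file in sorted(plugins_dir.glob("*/*.php")):
        fields = read_header(php_file)
        if fields.get("Plugin Name", "").lower() != PLUGIN_NAME.lower():
            continue
        version = fields.get("Version", "")
        # A copy with no readable version is reported as affected so it gets reviewed.
        affected = not version or parse_version(version) <= LAST_AFFECTED
        findings.append((php_file.parent.name, version, affected))
    return findings

def demo() -> list:
    """Audit a constructed plugins directory (sample data, not a real site)."""
    samples = [("msf-old", "Multi Step Form", "1.7.23"),  # last affected version
               ("msf-new", "Multi Step Form", "2.0.0"),   # constructed, above the range
               ("other", "Some Other Plugin", "1.0.0")]   # unrelated plugin
    with tempfile.TemporaryDirectory() as tmp:
        for folder, name, version in samples:
            (Path(tmp) / folder).mkdir()
            (Path(tmp) / folder / "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
        return audit(Path(tmp))

if __name__ == "__main__":
    for folder, version, affected in demo():
        print(f"{folder}: {version or 'unknown'} -> {'AFFECTED' if affected else 'ok'}")
```

On a real host, call audit() with the site's wp-content/plugins path instead of the constructed directory.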