Mondula Multi Step Form
cpe:2.3:a:mondula:multi_step_form:*:*:*:*:wordpress:*:*
- <= 1.7.23
A vulnerability exists in the Multi Step Form plugin for WordPress, allowing unauthorized file uploads. This issue arises from a lack of proper capability checks on the 'fw_upload_file' AJAX action, affecting all versions up to and including 1.7.23. As a result, unauthenticated attackers can upload certain file types, such as images.
Exploitation of this vulnerability could lead to unauthorized file uploads, potentially allowing for the execution of malicious files or scripts.
The vulnerability can be reproduced by sending a POST request to the 'fw_upload_file' AJAX action without the necessary authorization. This can be done by an unauthenticated user, as the 'wp_ajax_nopriv_fw_upload_file' action is available to users without login.
Users are advised to update the Multi Step Form plugin to version 1.7.24 or later, where this vulnerability has been patched.
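To check an installation against the affected range, the following added example (not code from the plugin or from this advisory) reads the plugin header version and lists the AJAX actions a plugin's PHP source registers for visitors who are not logged in. The sample plugin text and the `example_upload_handler` callback name are constructed for illustration.

```python
import re

FIXED_VERSION = (1, 7, 24)  # first patched release named in the advisory
# Matches add_action( 'wp_ajax_nopriv_<action>', ... ) with a literal hook name;
# hooks built from variables are not detected.
NOPRIV_HOOK = re.compile(
    r"""add_action\s*\(\s*['"]wp_ajax_nopriv_([\w-]+)['"]""")
# Same shape as the "Version:" line of a WordPress plugin header comment.
VERSION_HEADER = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.M | re.I)

# Constructed sample input (not the plugin's real source).
SAMPLE_MAIN = """<?php
/**
 * Plugin Name: Multi Step Form
 * Version: 1.7.23
 */
"""
SAMPLE_SRC = """<?php
add_action( 'wp_ajax_fw_upload_file', 'example_upload_handler' );
add_action( 'wp_ajax_nopriv_fw_upload_file', 'example_upload_handler' );
"""

def plugin_version(main_file_text):
    """Return the header version as a tuple of ints, or None if absent."""
    m = VERSION_HEADER.search(main_file_text)
    if not m:
        return None
    parts = re.findall(r"\d+", m.group(1).split("-")[0])
    return tuple(int(p) for p in parts) if parts else None

def is_affected(version):
    """Unknown versions count as affected so they get a manual review."""
    if version is None:
        return True
    padded = version + (0,) * (3 - len(version))
    return padded < FIXED_VERSION

def nopriv_actions(php_source):
    """AJAX actions the source exposes to unauthenticated visitors."""
    return sorted(set(NOPRIV_HOOK.findall(php_source)))

def audit(main_file_text, php_sources):
    version = plugin_version(main_file_text)
    exposed = sorted({a for s in php_sources for a in nopriv_actions(s)})
    return {"version": version, "affected": is_affected(version),
            "upload_action_unauthenticated": "fw_upload_file" in exposed,
            "nopriv_actions": exposed}

if __name__ == "__main__":
    print(audit(SAMPLE_MAIN, [SAMPLE_SRC]))
```

A `wp_ajax_nopriv_` registration only shows that the action is reachable without login; whether the handler is safe depends on the checks it performs, so the version comparison is the deciding signal.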