SurveyJS WordPress Plugin Arbitrary File Deletion Vulnerability

Vulnerability

An arbitrary file deletion vulnerability has been identified in the SurveyJS: Drag & Drop WordPress Form Builder plugin, affecting all versions up to and including 1.12.17. The issue arises from a missing capability check in the SurveyJS_DeleteFile class: the handler never verifies that the requesting user is permitted to delete files, so any authenticated user with Subscriber-level access or above can delete arbitrary files on the server. Deleting a critical file such as wp-config.php can lead to remote code execution, because a WordPress site without its configuration file falls back to the installation routine, which an attacker can complete against a database they control. The capability check was added in version 1.12.18, but the same function remains susceptible to Cross-Site Request Forgery in version 1.12.20, so a user who does hold the required capability can still be tricked into triggering the deletion.
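The pattern behind this class of bug, shown as an added illustration rather than the SurveyJS plugin's own code: a logged-in admin-ajax.php action that unlinks whatever path the request names, next to a hardened version that checks a nonce (against CSRF), checks a capability (the missing check the advisory describes), and confines the target to a directory the plugin owns. The action name, nonce action, directory name and function names are assumptions chosen for the example.

```php
<?php
// Added example, not code from the SurveyJS plugin. The action name
// "example_delete_file", the nonce action, the "example-surveys" upload
// subdirectory and the function names are all hypothetical.

// --- Vulnerable pattern ---------------------------------------------------
// wp_ajax_{action} fires for any logged-in user, Subscribers included.
// Nothing here checks who is asking, whether the request was intended
// (no nonce), or where the file lives, so "file=/var/www/html/wp-config.php"
// is accepted as readily as a survey attachment.
add_action('wp_ajax_example_delete_file', 'example_delete_file_vulnerable');
function example_delete_file_vulnerable() {
    $path = isset($_POST['file']) ? wp_unslash($_POST['file']) : '';
    if ($path !== '' && file_exists($path)) {
        unlink($path);
        wp_send_json_success();
    }
    wp_send_json_error('not found');
}

// --- Hardened pattern -----------------------------------------------------
// To use this instead, register it for the same action and pass the nonce
// from wp_create_nonce('example_delete_file') as the "nonce" POST field.
function example_delete_file_hardened() {
    // 1. CSRF: the request must carry a nonce minted for this action and
    //    this user. check_ajax_referer() dies with a 403 if it does not.
    check_ajax_referer('example_delete_file', 'nonce');

    // 2. Authorization: the capability check that the vulnerable handler
    //    omits. manage_options is an assumption; use the narrowest
    //    capability that matches who should be able to delete uploads.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }

    // 3. Input: keep only a file name, never a path. wp_basename() strips
    //    directory components, sanitize_file_name() strips the rest.
    $name = isset($_POST['file'])
        ? sanitize_file_name(wp_basename(wp_unslash($_POST['file'])))
        : '';
    if ($name === '' || $name === '.' || $name === '..') {
        wp_send_json_error('bad file name', 400);
    }

    // 4. Containment: resolve both the plugin's directory and the target
    //    with realpath() (which also follows symlinks) and require the
    //    target to sit inside that directory.
    $upload = wp_upload_dir();
    $base   = realpath(trailingslashit($upload['basedir']) . 'example-surveys');
    $target = ($base === false) ? false : realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $target === false
        || strpos(wp_normalize_path($target), trailingslashit(wp_normalize_path($base))) !== 0
        || !is_file($target)) {
        wp_send_json_error('not found', 404);
    }

    wp_delete_file($target);
    wp_send_json_success(['deleted' => $name]);
}
```

Step 3 alone defeats path traversal because a bare file name cannot leave the directory; step 4 is kept so that a future change which reintroduces subdirectories still cannot escape the plugin's own folder. Step 1 is the part that, per the advisory, was still missing in 1.12.20: a capability check without a nonce stops a Subscriber but not a forged request riding an administrator's session.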

Impact

Exploitation of this vulnerability could result in unauthorized deletion of files on the server; if a sensitive file such as wp-config.php is removed, this can escalate to remote code execution.

Remediation

Users are advised to update the SurveyJS WordPress Form Builder plugin to version 1.12.18 or a newer patched version, which adds the missing capability check. Note that, as described above, the same function still lacks Cross-Site Request Forgery protection as of version 1.12.20, so updating removes the low-privilege attack path but not the forged-request one.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 5.9
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.