Security Advisory

CVE-2024-12427

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-16 09:39:15

Last updated 2026-04-08 17:32:17

Assigner Wordfence

State PUBLISHED

Description

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images.

← Browse all CVEs View on cve.org ↗