VYPR
Unrated severityNVD Advisory· Published Jan 16, 2025· Updated Apr 8, 2026

Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload

CVE-2024-12427

Description

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.