Unrated severityNVD Advisory· Published Jan 16, 2025· Updated Apr 8, 2026
Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload
CVE-2024-12427
Description
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=1.7.23
- Range: 0
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/browser/multi-step-form/tags/1.7.22/includes/lib/msf-shortcode.class.phpmitre
- plugins.trac.wordpress.org/browser/multi-step-form/tags/1.7.22/includes/lib/msf-shortcode.class.phpmitre
- plugins.trac.wordpress.org/changesetmitre
- www.wordfence.com/threat-intel/vulnerabilities/id/f0a31fee-ccc2-4c3b-b198-6cb750188113mitre
News mentions
0No linked articles in our index yet.