VYPR

Multi Step Form

by Mlooft

Source repositories

CVEs (2)

  • CVE-2025-9515HigSep 6, 2025
    risk 0.47cvss 7.2epss 0.01

    The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and…

  • CVE-2024-12427Jan 16, 2025
    risk 0.00cvss epss 0.00

    The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited…