Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass
Description
Due to the plugin not properly checking the file being uploaded (via the dnd_codedropz_upload AJAX action), an attacker could bypass the checks in place and upload a PHP file.

A working exploit was provided along with this vulnerability report. Exploitation also requires the Contact Form 7 plugin to be installed on the target site.

Proof of Concept
https://github.com/amartinsec/CVE-2020-12800/blob/master/exploit.py

Affects Plugin

References

CVE 2020-12800
ExploitDB 48520
PacketStorm 157837
PacketStorm 157951
URL https://github.com/amartinsec/CVE-2020-12800

Classification

Type BYPASS

Miscellaneous

Original Researcher Austin Martin
Views 2249
Verified Yes
WPVDB ID 10238

Timeline

Publicly Published 2020-05-26 (about 2 months ago)
Added 2020-05-26 (about 2 months ago)
Last Updated 2020-06-06 (about 1 month ago)
