Mondula: >> Multi Step Form >> 1.7.17 Security Vulnerabilities
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-16
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-10-29
Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-02-21