CVE-2024-1169

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.

More information : https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466

Attack vector :
Attack complexity :
Privileges required :
User interaction :
Confidentiality impact :
Integrity impact :
Base score :
Base severity :
Exploitability score :
Impact score :