Intrusion Prevention

WordPress.MM.Forms.Community.Plugin.Arbitrary.File.Upload

Description

This indicates an attack attempt to exploit a Remote File Inclusion vulnerability in MM Forms Community Plugin for WordPress.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling uploaded files. A remote attacker can exploit this to upload arbitrary files and by making a direct request to the file, also execute the script file uploaded.

Affected Products

MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress

Impact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected site.

Recommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

CVE References

CVE-2012-3574