CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
98.0%
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
Vendor | Product | Version | CPE |
---|---|---|---|
infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | 1.5.3 | cpe:2.3:a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.3:*:*:*:*:wordpress:*:* |
infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | 1.5.4 | cpe:2.3:a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.4:*:*:*:*:wordpress:*:* |
infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | 1.5.4.1 | cpe:2.3:a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.4.1:*:*:*:*:wordpress:*:* |
infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | 1.5.4.2 | cpe:2.3:a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.4.2:*:*:*:*:wordpress:*:* |
infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | 1.5.5 | cpe:2.3:a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.5:*:*:*:*:wordpress:*:* |
infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | 1.5.6 | cpe:2.3:a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.6:*:*:*:*:wordpress:*:* |
infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | 1.5.7 | cpe:2.3:a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.7:*:*:*:*:wordpress:*:* |
infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | 1.5.7.1 | cpe:2.3:a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.7.1:*:*:*:*:wordpress:*:* |
infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | 1.5.7.2 | cpe:2.3:a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.7.2:*:*:*:*:wordpress:*:* |
infusionsoft_gravity_forms_project | infusionsoft_gravity_forms | 1.5.8 | cpe:2.3:a:infusionsoft_gravity_forms_project:infusionsoft_gravity_forms:1.5.8:*:*:*:*:wordpress:*:* |