More information about this CVE will likely be available in a few days

Description

The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload path.

Related CPE's

Could not find any relations

References

https://wpscan.com/vulnerability/e09908fb-f5ad-45ca-8698-c0d596fd39cc/

Weaknesses

Could not find any weaknesses

CVSS impact metrics

Could not find any metrics

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2025-12-24T06:15:43.973

6 hours ago

Last modified

2025-12-24T06:15:43.973

6 hours ago