WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code

2021.02.24

Team-Venom (IN)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:wp-content/plugins/super-forms

[+] Exploit Title:  WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code


|[+] Tested on: Windows 10 Firefox / Kali Linux

|[+] Google Dork: inurl:wp-content/plugins/super-forms

|[+] Demo : 
http://www.autochartist.academy/broker/wp-content/plugins/super-forms/uploads/php/
https://www.fitnessworldclubs.com/wp-content/plugins/super-forms/assets/js/
https://patelwelfare.org/wp-content/plugins/super-forms/assets/css/?DD

|[+] : Instagram ID: @i.m.gauravchaudhary
|[+] : Instagram ID: @mind8hunter_

Greedz to--> All Black Hat Hackers

See this note in RAW Version

Vote for this issue:

10%

90%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code

Dork: inurl:wp-content/plugins/super-forms

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.