Critical: Remote Command Execution in WordPress Form Manager Plugin (CVE-2015-7806)

Sec-1 Security Advisory
Advisory Name : Critical: Remote Command Execution in WordPress Form Manager Plugin
Discovery Date : 09/10/2015
Release Date : 12/10/2015
Application :
Platform : WordPress
Severity : HIGH (Arbitrary Code Execution)
CVE : CVE-2015-7806
Discovered by : Nick Blundel
Vendor Status : Resolved on 12th October via an update to the plugin version 1.7.3
Website : https://wordpress.org/plugins/wordpress-form-manager/

Vulnerability Summary

On 9 October 2015, researchers at Sec-1 (AppCheck NG team) discovered a critical Remote Command Execution (RCE) vulnerability in the popular WordPress plugin Form Manager. It allows an attacker holding an unprivileged account (including a self-registered account) to execute arbitrary commands on the host. The vulnerability was reported to the vendor and fixed on 12 October.

Demonstration Video

See details and a demonstration of the vulnerability here.

Solution

The vulnerability has been resolved by the developer: upgrade the plugin to version 1.7.3 or later.
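As an added example (not part of the Sec-1 advisory or the plugin's own code), the following script checks whether an installed copy of the plugin is below the fixed version by reading the standard `Version:` field from a WordPress plugin header comment. The header layout is the real WordPress convention; the sample header text is constructed for the demo, and the assumption that the main plugin file lives at `wp-content/plugins/wordpress-form-manager/wordpress-form-manager.php` is a guess at the path, not taken from the advisory.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Version in which the vendor fixed CVE-2015-7806, per the advisory.
FIXED_VERSION = "1.7.3"

# Assumed location of the plugin's main PHP file relative to a WordPress
# install root (assumption: the exact file name is not given in the advisory).
ASSUMED_PLUGIN_FILE = "wp-content/plugins/wordpress-form-manager/wordpress-form-manager.php"

# Constructed sample of a WordPress plugin header block; the version number
# here is made up to show a vulnerable install.
SAMPLE_PLUGIN_HEADER = """<?php
/*
Plugin Name: WordPress Form Manager
Plugin URI: https://wordpress.org/plugins/wordpress-form-manager/
Description: Create and manage forms.
Version: 1.7.2
Author: Example Author
*/
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.7.3' into (1, 7, 3); a trailing suffix like '-beta' is dropped."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def plugin_header_version(source: str) -> Optional[str]:
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", source, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def is_vulnerable(source: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the header's version sorts below the fixed version."""
    version = plugin_header_version(source)
    if version is None:
        raise ValueError("no Version: field found in plugin header")
    return parse_version(version) < parse_version(fixed)


def check_install(wordpress_root: str) -> bool:
    """Read the plugin file under a WordPress install and report vulnerability."""
    path = Path(wordpress_root) / ASSUMED_PLUGIN_FILE
    return is_vulnerable(path.read_text(errors="replace"))


if __name__ == "__main__":
    print("sample header vulnerable:", is_vulnerable(SAMPLE_PLUGIN_HEADER))
```

Tuple comparison is used instead of string comparison so that a hypothetical 1.10.x release sorts above 1.7.3 rather than below it.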

Exploit

Here is an example exploit script for this vulnerability: wp-forms-manager-CVE-2015-7806.py
