Update the WordPress WP-FormAssembly plugin to the latest available version (at least 2.0.6).
Nguyen Anh Tien discovered and reported this Directory Traversal vulnerability in WordPress WP-FormAssembly Plugin. This could allow a malicious actor to see all files in a given directory or determine if certain files/directories exist in given folder. This can be used to exploit other weaknesses in the system This vulnerability has been fixed in version 2.0.6.
Start a free security program for your WordPress plugins or request an audit.
Apply for MVDPReport to Patchstack Alliance bounty platform and earn monthly cash prizes.
Learn more