CVE-2024-12544: SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Auth...
Description
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This function is still vulnerable to Cross-Site Request Forgery as of 1.12.20.
Classification
CVE ID: CVE-2024-12544
CVSS Base Severity: HIGH
CVSS Base Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem Types
CWE-862 Missing AuthorizationAffected Products
Vendor: devsoftbaltic
Product: SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.23% (probability of being exploited)
EPSS Percentile: 42.88% (scored less or equal to compared to others)
EPSS Date: 2025-03-30 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-12544https://www.wordfence.com/threat-intel/vulnerabilities/id/e9404fe4-855e-4eb4-81c4-5246f6e9be0c?source=cve
https://plugins.trac.wordpress.org/changeset/3222216/surveyjs/trunk/ajax_handlers/delete_file.php
https://plugins.trac.wordpress.org/changeset/3214665/