On the 9th October researchers at AppCheck discovered a critical Remote Command Execution (RCE) in the popular WordPress plugin Form Manager which allows an attacker with an unprivileged account (including a self-registered account) to execute arbitrary commands on the host. The vulnerability was reported and fixed on the 12th October.
See details and a demonstration of the vulnerability here.
Here is an example exploit script for this vulnerability: wp-forms-manager-CVE-2015-7806.py
The vulnerability has now been resolved by the developer: please upgrade this module to >= 1.7.3
No software to download or install.
Contact us or call us 0113 887 8380