CVE-2020-12800 Scanner
CVE-2020-12800 scanner - Remote Code Execution (RCE) vulnerability in Drag And Drop Multi File Uploader plugin for WordPress
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 1 day
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
The Drag and Drop Multi File Uploader plugin is a WordPress plugin used to enable users to upload multiple files at once to their website. It’s a convenient tool for gathering information from website visitors, specifically for creating contact forms. This plugin is popular due to its ease of use and can help website owners improve their website’s user experience by providing an easy way for visitors to upload necessary files.
CVE-2020-12800 is a critical vulnerability that was detected in Drag and Drop Multi File Uploader plugin for versions before 1.3.4. The vulnerability allowed hackers to bypass the extension filter on uploaded files by appending a "%" sign to the file name. This malicious exploit facilitated the upload of PHP files that contained shell commands, enabling cybercriminals to execute malicious code on the targeted website.
When exploiting this vulnerability, cybercriminals could easily upload and execute malicious software on the victim's website. The worst-case scenario would be the complete control of the website, leading to loss of data, such as financial information of clients or visitors, and the compromise of the website’s integrity and reputation.
Thanks to the pro features of the s4e.io platform, users can easily and quickly learn about vulnerabilities in their digital assets. Our platform provides users with a gamut of security measures and functions that help them protect their digital assets online, preventing security breaches and data loss due to cyber-attacks such as CVE-2020-12800. Our experts use cutting-edge technology and advanced tools to safeguard websites against a range of cyber threats, so businesses and users can rest easy. In conclusion, it is crucial to stay vigilant and proactive in defending your website from threats like CVE-2020-12800, and the s4e.io platform offers the necessary support to ensure you do just that.
REFERENCES
