Skip to main content

SigmaForms Pro EUVDEUVD-2026-37627

| CVE-2026-52705 CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-06-17 Patchstack
9.0
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
9.0 CRITICAL
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.0 CRITICAL

Network-reachable unauthenticated upload endpoint (AV:N/PR:N/UI:N); AC:H reflects a non-trivial validation bypass; successful upload yields PHP execution affecting the underlying host beyond the plugin (S:C, C/I/A:H).

3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 12:00 vuln.today

DescriptionCVE.org

Unauthenticated Arbitrary File Upload in SigmaForms Pro - AI Generated Forms <= 1.4.5 versions.

AnalysisAI

Unauthenticated arbitrary file upload in the SigmaForms Pro - AI Generated Forms WordPress plugin (versions <= 1.4.5) allows remote attackers to upload files of their choosing to the underlying web server, enabling webshell deployment and full site takeover. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 9.0 with scope change, indicating impact beyond the vulnerable component. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify WordPress site running SigmaForms Pro ≤ 1.4.5
Delivery
Craft multipart upload bypassing extension filter
Exploit
POST webshell to plugin upload endpoint
Install
Request uploaded PHP file via HTTP
C2
Execute commands as web-server user
Execute
Read wp-config.php and create admin account
Impact
Persist and pivot across hosted site

Vulnerability AssessmentAI

Exploitation The target WordPress site must have the SigmaForms Pro - AI Generated Forms plugin installed and activated at a version at or below 1.4.5, with its upload-handling endpoint reachable from the attacker's network position (the default for any internet-facing WordPress install). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) indicates a network-reachable, unauthenticated, no-user-interaction flaw with scope change and full CIA impact - characteristic of arbitrary file upload leading to RCE on a shared web stack. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated remote attacker enumerates WordPress sites running SigmaForms Pro <= 1.4.5, then sends a crafted multipart POST request to the plugin's file-upload handler containing a PHP webshell with a filename or content-type designed to bypass the plugin's validation logic. Once the file is written under wp-content, the attacker requests its URL to execute commands as the web-server user, pivoting to database credential theft (wp-config.php), admin user creation, and persistence across the site. …
Remediation Upgrade SigmaForms Pro - AI Generated Forms to a version newer than 1.4.5 once the vendor publishes a fixed release; consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/sigmaforms-pro/vulnerability/wordpress-sigmaforms-pro-ai-generated-forms-plugin-1-4-5-arbitrary-file-upload-vulnerability for the confirmed patched version, as the exact fix version was not included in the supplied data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all WordPress instances running SigmaForms Pro ≤1.4.5; immediately deactivate and remove the plugin; conduct forensic audit of wp-content/uploads/ for suspicious files (PHP, executables) and review server logs for unauthorized upload activity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-37627 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy