This host is installed with Wordpress Infusionsoft Gravity Forms Add-on and is prone to remote file upload vulnerability.

Successful exploitation will allow an unauthenticated remote attacker to upload files in an affected site. Impact Level: Application

Upgrade to version 1.5.11 or later, For updates refer to https://wordpress.org/plugins/infusionsoft

Flaw is due to the plugin failed to restrict access to certain files.

WordPress Infusionsoft Gravity Forms Add-on version 1.5.3 to 1.5.10

Send a crafted data via HTTP GET request and check whether it is is able to upload file or not.

• http://research.g0blin.co.uk/cve-2014-6446
• https://wordpress.org/plugins/infusionsoft/changelog/

---

Updated on 2015-03-25