CVE-2014-6446
published 2014-09-26


Priority: P2 · 73 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 46.17% (98.7th percentile)
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.

Affected (18 ranges)

Vendor                              Product                      Version range   Fixed in
infusionsoft_gravity_forms_project  infusionsoft_gravity_forms

Detection & IOCs (extracted from sources)

path: /wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php
path: /wp-content/plugins/infusionsoft/Infusionsoft/utilities/
filename: code_generator.php
command: POST /wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php [fileNamePattern=<random>.php&fileTemplate=<payload>]
  • Detect unauthenticated POST requests to the vulnerable code_generator.php endpoint with multipart or form-encoded body containing 'fileNamePattern' and 'fileTemplate' parameters — this is the upload trigger.
  • Alert on HTTP 200 responses from code_generator.php whose body contains the string 'Creating File', which confirms successful payload deployment.
  • Monitor for new .php files appearing under the plugin's utilities/ directory (wp-content/plugins/infusionsoft/Infusionsoft/utilities/), as the exploit drops a randomly named PHP webshell there.
  • A subsequent GET request to the newly created .php file in the utilities/ path immediately after the POST is the webshell execution step — correlate the two requests to confirm exploitation.
  • Probe/check requests can be identified by a GET to code_generator.php that returns HTTP 200 with both 'Code Generator' and 'Infusionsoft' in the response body — indicates active reconnaissance for this CVE.
  • Affected version range is strictly 1.5.3 through 1.5.10 of the Infusionsoft Gravity Forms WordPress plugin; versions outside this range are not vulnerable.
  • The vulnerability requires no authentication: the code_generator.php script does not restrict access, so any remote attacker can exploit it without credentials.
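As an added detection example (not code from the CVE record or the plugin project), the script below applies the request-level indicators above to web-server access logs: a 200 GET probe of code_generator.php, a POST to the same endpoint, and a same-client GET to a different .php under the utilities/ directory shortly after that POST. The log lines, IPs, timestamps and the dropped filename are constructed placeholders; the correlation window of 60 seconds is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed Apache combined-format log lines; IPs, times and the
# dropped .php name are placeholders, not data from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Sep/2014:10:00:01 +0000] "GET /wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php HTTP/1.1" 200 512 "-" "curl/7.30"
203.0.113.5 - - [26/Sep/2014:10:00:03 +0000] "POST /wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php HTTP/1.1" 200 88 "-" "curl/7.30"
203.0.113.5 - - [26/Sep/2014:10:00:04 +0000] "GET /wp-content/plugins/infusionsoft/Infusionsoft/utilities/a8f3k2.php HTTP/1.1" 200 17 "-" "curl/7.30"
198.51.100.9 - - [26/Sep/2014:10:05:00 +0000] "GET /wp-content/plugins/infusionsoft/Infusionsoft/utilities/code_generator.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

UTIL_DIR = "/wp-content/plugins/infusionsoft/Infusionsoft/utilities/"
ENDPOINT = UTIL_DIR + "code_generator.php"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse(line):
    """Extract client IP, timestamp, method, path (query stripped) and status."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": path.split("?", 1)[0], "status": int(status)}

def detect(log_text, window=timedelta(seconds=60)):
    """Return (ip, time, label) findings for CVE-2014-6446 activity."""
    events = [e for e in map(parse, log_text.splitlines()) if e]
    findings = []
    last_post = {}  # ip -> time of that client's most recent POST to the endpoint
    for e in events:
        if e["path"] == ENDPOINT and e["method"] == "GET" and e["status"] == 200:
            findings.append((e["ip"], e["time"], "probe"))          # reconnaissance
        elif e["path"] == ENDPOINT and e["method"] == "POST":
            last_post[e["ip"]] = e["time"]
            findings.append((e["ip"], e["time"], "upload_attempt")) # upload trigger
        elif (e["path"].startswith(UTIL_DIR) and e["path"].endswith(".php")
              and e["path"] != ENDPOINT and e["ip"] in last_post
              and e["time"] - last_post[e["ip"]] <= window):
            findings.append((e["ip"], e["time"], "webshell_access")) # correlated follow-up
    return findings
```

Pair these alerts with file-integrity monitoring of the utilities/ directory, since the 'Creating File' response body is not visible in access logs.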