CVE-2026-1306

midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action

CVSS 9.8 CRITICALEPSS 4.5%CWE-434

Vexday Risk Score

43Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 9.8EPSS 4.5%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

14 feb 2026Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible granted the attacker can obtain a valid nonce. The nonce is exposed in frontend JavaScript making it trivially accessible to unauthenticated attackers.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

adminkov · midi-Synth

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://plugins.trac.wordpress.org/browser/midi-synth/tags/1.1.0/midiSynthConvert.php#L421 https://plugins.trac.wordpress.org/browser/midi-synth/tags/1.1.0/midiSynthConvert.php#L492 https://plugins.trac.wordpress.org/browser/midi-synth/tags/1.1.0/midiSynth.php#L110 https://plugins.trac.wordpress.org/browser/midi-synth/tags/1.1.0/midiSynth.php#L121 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3460788%40midi-synth&new=3460788%40midi-synth&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/d5b695d7-c690-4748-b218-5699d1aa63bf?source=cve