CVE-2026-1306

{"id": "CVE-2026-1306", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-02-14T07:16:10.150", "references": [{"url": "https://plugins.trac.wordpress.org/browser/midi-synth/tags/1.1.0/midiSynth.php#L110", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/midi-synth/tags/1.1.0/midiSynth.php#L121", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/midi-synth/tags/1.1.0/midiSynthConvert.php#L421", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/midi-synth/tags/1.1.0/midiSynthConvert.php#L492", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5b695d7-c690-4748-b218-5699d1aa63bf?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible granted the attacker can obtain a valid nonce. The nonce is exposed in frontend JavaScript making it trivially accessible to unauthenticated attackers."}, {"lang": "es", "value": "El plugin midi-Synth para WordPress es vulnerable a la carga arbitraria de archivos debido a la falta de validaci\u00f3n del tipo de archivo y de la extensi\u00f3n de archivo en la acci\u00f3n AJAX 'export' en todas las versiones hasta la 1.1.0, inclusive. Esto permite a los atacantes no autenticados cargar archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda hacer posible la ejecuci\u00f3n remota de c\u00f3digo siempre que el atacante pueda obtener un nonce v\u00e1lido. El nonce est\u00e1 expuesto en el JavaScript de frontend, lo que lo hace trivialmente accesible para los atacantes no autenticados."}], "lastModified": "2026-02-18T17:52:44.520", "sourceIdentifier": "security@wordfence.com"}