Wordfence blocking form submission

Dear Jim,
Thank you for contacting us!
We regret to learn of the difficulties you are encountering. Could you kindly verify and inform us about the current version of the plugin you have installed?
Providing this information will assist us in moving forward with our investigation.
Regards,
Nazeli

Hi! I am using version 1.15.21 and I am still facing this same issue. I have also set “Upload FIles” to No in admin email settings as well as User email Settings.

Can you suggest a solution?

• This reply was modified 1 year, 4 months ago by samkitwp.

I have the same Problem!

Whenn I write an URL with https:// at the beginning the form runs in an conflikt with the wordfence plugin. This plugin register an illegal fileupload and block the transmission with an 403-Error

Thanks for responding, Nazeli. We are using version 2.13.60 of Form Maker Pro. A page where we encounter the problem is:

https://oaklandskiclub.com/reservations-summer-2023/

I look forward to hearing what you discover.

Hello @samkitwp and @thorxer,

We want to bring to your attention that there was a recent problem with reCAPTCHA, but we have successfully resolved it with the release of version 1.15.21. Our recommendation is to remove reCAPTCHA from your form and then reconfigure it to see if this resolves the issue.

Please review this solution and provide us with updates on the outcome.

Dear @jimgasperini, 

Please, note that in the?www.remarpro.com forum, we are replying to the free product-related questions only. For questions regarding the Premium version, please contact our support team?using the following form.

Regards,

Nazeli

• This reply was modified 1 year, 4 months ago by nazelisargsyan.

Hello again, Nazeli–
I followed the suggested link, filled out the form, and received a response from 10Web Care saying “Your request (202954) has been received and is being reviewed by our support staff.” Since then, nothing.

WordFence seems to have identified a vulnerability in Form Maker Pro that results in the forms in our site being blocked. This is a disaster for us! Looking through the WordFence Live Traffic records, I see that DOZENS of users have had their form blocked due to this vulnerability.

For example:
Sunnyvale, California, United States left https://oaklandskiclub.com/membership/ and was blocked by firewall for Form Maker by 10Web <= 1.15.19 – Unauthenticated Arbitrary File Upload in POST body:
etc.

Searching for “10Web <= 1.15.19 – Unauthenticated Arbitrary File Upload” I found this post on the WordFence site:

“The Form Maker by 10Web plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘type_signature’ case of the save_db() function in versions up to, and including, 1.5.19. This makes it possible for unauthenticated attackers to upload arbitrary files, via the signature field, on the affected site’s server which may make remote code execution possible.
Wordfence blocked 23,222 attacks targeting this vulnerability in the past 24 hours.”

This was back in September; it looks like the vulnerability is still there or has recurred.

This is disastrous. We are going to have to find another forms plugin and give yours a one star review.

Dear @jimgasperini,

Thank you for reaching out. We’d like to inform you that we’ve already responded to your inquiry.

Regarding the Free plugin version, we’ve previously addressed the matter, and it has been resolved in version 1.15.21. Once users update the plugin to this version, the issue should no longer persist.

If you have any more questions or need further assistance, please don’t hesitate to get in touch with us!

Thank you for your patience and cooperation.