CVE-2023-4596 in Forminator Plugininformation

Résumé

par MITRE • 30/08/2023

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsable

Wordfence

Réserver

29/08/2023

Divulgation

30/08/2023

Modérer

accepté

Entrée

VDB-238264

CPE

prêt

Exploitation

Télécharger

EPSS

0.12749

KEV

non

Activités

très faible

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!