CVE-2023-4596 in Forminator PluginИнформация

Сводка

по MITRE • 30.08.2023

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Ответственный

Wordfence

Резервировать

29.08.2023

Раскрытие

30.08.2023

Модерация

принято

Вход

VDB-238264

Эксплойт

Скачать

EPSS

0.12749

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

Want to know what is going to be exploited?

We predict KEV entries!