Lucene search
WPScanCVE-2023-4666HistoryOct 16, 2023 - 8:15 p.m.
CVE-2023-4666
2023-10-1620:15:15
WPScan
web.nvd.nist.gov
28
cve-2023-4666
form maker
10web
wordpress plugin
file creation
rce
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.002
Percentile
54.0%
The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE
Affected configurations
Node
10webform_makerRange<1.15.20wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| 10web | form_maker | * | cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Form Maker by 10Web",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.15.20"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cvelist
cvelist
CVE-2023-4666 Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
2023-10-16 19:39:11
wpvulndb
wpvulndb
Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
2023-09-19 00:00:00
prion
prion
Input validation
2023-10-16 20:15:00
wpexploit
wpexploit
Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
2023-09-19 00:00:00
nvd
nvd
CVE-2023-4666
2023-10-16 20:15:15
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.5
Confidence
High
EPSS
0.002
Percentile
54.0%
Related for CVE-2023-4666