Lucene search
HistoryOct 16, 2023 - 8:15 p.m.
CVE-2023-4666
form maker
10web
wordpress
signature validation
rce
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
54.0%
The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE
Affected configurations
Node
10webform_makerRange<1.15.20wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| 10web | form_maker | * | cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
CVE-2023-4666 Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
2023-10-16 19:39:11
wpvulndb
wpvulndb
Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
2023-09-19 00:00:00
cve
cve
CVE-2023-4666
2023-10-16 20:15:15
prion
prion
Input validation
2023-10-16 20:15:00
wpexploit
wpexploit
Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
2023-09-19 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.002
Percentile
54.0%
Related for NVD:CVE-2023-4666