Lucene search
JpcertVULNRICHMENT:CVE-2024-28890HistoryApr 23, 2024 - 4:56 a.m.
CVE-2024-28890
2024-04-2304:56:24
jpcert
github.com
5
forminator plugin
file upload
vulnerability
remote attacker
sensitive information
denial of service
Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:wpmudev:broken_link_checker:*:*:*:*:*:wordpress:*:*"
],
"vendor": "wpmudev",
"product": "broken_link_checker",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
}
]Related
nvd
nvd
CVE-2024-28890
2024-04-23 05:15:49
cvelist
cvelist
CVE-2024-28890
2024-04-23 04:56:24
wpvulndb
wpvulndb
Forminator < 1.29.0 - Unauthenticated Arbitrary File Upload
2024-04-24 00:00:00
cve
cve
CVE-2024-28890
2024-04-23 05:15:49
githubexploit
githubexploit
Exploit for CVE-2024-28890
2024-06-13 10:41:33
jvn
jvn
JVN#50132400: Multiple vulnerabilities in WordPress Plugin "Forminator"
2024-04-18 00:00:00
wallarmlab
wallarmlab
thn
thn
wordfence
wordfence
AI Score
6.4
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-28890