Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:7D1EAD56-7DB2-46C4-97ED-AF008E9B5515
HistoryNov 15, 2023 - 12:00 a.m.

Forminator < 1.28.0 - Admin+ Arbitrary File Upload

2023-11-1500:00:00
wpscan.com
6
security
file upload
blacklisting
rce
htaccess
administrator
forminator plugin

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

31.8%

JSON

Description The plugin does not properly blacklist files via the forminator_allowed_mime_types function, which could allow administrator to upload arbitrary file. However, RCE can not be achieved due to htaccess configuration.

Related

prion 1
nvd 1
cve 1
cvelist 1
openvas 1
wordfence 1
prion
prion
Design/Logic Flaw
2023-11-15 07:15:00
nvd
nvd
CVE-2023-6133
2023-11-15 07:15:14
cve
cve
CVE-2023-6133
2023-11-15 07:15:14
cvelist
cvelist
CVE-2023-6133
2023-11-15 06:40:46
openvas
openvas
WordPress Forminator Plugin < 1.28.0 Arbitrary File Upload Vulnerability
2023-11-21 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023)
2023-11-23 20:29:59

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

31.8%

JSON
Related for WPVDB-ID:7D1EAD56-7DB2-46C4-97ED-AF008E9B5515
prion1nvd1cve1cvelist1openvas1wordfence1