CVE-2023-4596

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Configurations

Configuration 1 (hide)

cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:35

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-30 02:15

Updated : 2024-11-21 08:35


NVD link : CVE-2023-4596

Mitre link : CVE-2023-4596

CVE.ORG link : CVE-2023-4596


JSON object : View

Products Affected

incsub

  • forminator
CWE

No CWE.