WordPress Plugin Vulnerabilities

Forminator < 1.25.0 - Unauthenticated Arbitrary File Upload

Description

The plugin does not validate files to be uploaded before writing them on the server, allowing unauthenticated users to upload arbitrary files and lead to RCE

Affects Plugins

Plugin icon
forminator
Fixed in 1.25.0

References

CVE
CVE-2023-4596
Exploitdb
51664

Miscellaneous

Original Researcher
mehmet
Verified
Yes
WPVDB ID
fb8db268-77d9-47b5-ad41-e9c05f0e7523

Timeline

Publicly Published
2023-08-04 (about 2 years ago)
Added
2023-08-30 (about 2 years ago)
Last Updated
2023-08-30 (about 2 years ago)

Other

Published
Title
Published
2025-09-03
Title
Wastia < 1.1.3 - Unauthenticated Arbitrary File Upload
Published
2025-02-11
Title
Security & Malware scan by CleanTalk < 2.150 - Unauthenticated Arbitrary File Upload
Published
2025-05-12
Title
TheGem < 5.10.3.1 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2024-08-06
Title
Z-Downloads < 1.11.5 - Admin+ Arbitrary File Upload
Published
2025-03-11
Title
ThemeEgg ToolKit <= 1.2.9 - Authenticated (Administrator+) Arbitrary File Upload