CVE-2023-4596

{"id": "CVE-2023-4596", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-08-30T02:15:09.353", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.php", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.exploit-db.com/exploits/51664", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El plugin Forminator para WordPress es vulnerable a la subida de archivos arbitrarios debido a la validaci\u00f3n del tipo de archivo que se produce despu\u00e9s de que un archivo haya sido subido al servidor en la funci\u00f3n \"upload_post_image()\" en versiones hasta, e incluyendo, la 1.24.6. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede posibilitar la ejecuci\u00f3n remota de c\u00f3digo. "}], "lastModified": "2023-11-07T04:22:46.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "DB7C43F0-DD62-44EC-97FB-0EAC45C12678", "versionEndIncluding": "1.24.6"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}