CVE-2023-4596 Forminator WordPress Plugin Exploit


Python script by Prapattimynk


A critical vulnerability has been discovered in the WordPress plugin Forminator, which enables an unauthorized attacker to upload arbitrary files to a server. The initial proof of concept (PoC) was poorly written: the original researcher shared a few unclear screenshots along with a request containing unexplained code. So I wrote a Python script to simplify and automate the process.

The vulnerability is caused by an error in the plugin's file-type validation. When a prohibited file format such as PHP is uploaded, an alert is generated stating that the “Uploaded file’s extension is not allowed.” Despite this notification, the upload is not blocked: the file is saved successfully and can be accessed under the site's “/wp-content/uploads” folder. This can lead to remote code execution.
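The warn-but-still-save pattern described above, modelled as an added Python example (hypothetical code, not Forminator's own nor the PoC script): the flawed handler beside a corrected one, plus an audit helper a site owner can run over a listing of the uploads folder. The blocked-extension list and the in-memory upload store are assumptions made for the example.

```python
import posixpath

# Extensions a form-upload handler must never store on a web-served path.
# Assumed list for this example, not Forminator's own allow/deny list.
BLOCKED_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def blocked_extension(filename: str) -> bool:
    """True if ANY dotted suffix is a server-executable extension.

    Every suffix is checked, not only the last one, so a name such as
    'shell.php.jpg' is caught as well as 'shell.php'.
    """
    suffixes = posixpath.basename(filename).lower().split(".")[1:]
    return any(s in BLOCKED_EXTENSIONS for s in suffixes)


def save_upload_flawed(filename: str, data: bytes, uploads: dict) -> list:
    """Models the bug: the check produces an error message, but the code
    path that stores the file runs regardless of the validation result."""
    errors = []
    if blocked_extension(filename):
        errors.append("Uploaded file's extension is not allowed.")
    # BUG: the write is not conditional on `errors` being empty.
    uploads[posixpath.basename(filename)] = data
    return errors


def save_upload_fixed(filename: str, data: bytes, uploads: dict) -> list:
    """Hardened form: validation failures abort before any write happens."""
    errors = []
    if blocked_extension(filename):
        errors.append("Uploaded file's extension is not allowed.")
    if errors:
        return errors  # nothing is stored when validation fails
    uploads[posixpath.basename(filename)] = data
    return errors


def audit_uploads(uploads: dict) -> list:
    """Defender check: names in the store that carry an executable extension."""
    return sorted(name for name in uploads if blocked_extension(name))


if __name__ == "__main__":
    store = {}  # constructed stand-in for /wp-content/uploads
    print(save_upload_flawed("shell.php", b"constructed bytes", store), sorted(store))
    print(save_upload_fixed("shell.php", b"constructed bytes", {}))
    print(audit_uploads(store))
```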

Forminator is currently active on more than 400,000 sites, and with the simplicity of the vulnerability, it is quite easy to gain control over any site running Forminator with file upload enabled.
