CVE-2023-6133 – Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6133
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed.
• https://plugins.trac.wordpress.org/browser/forminator/tags/1.27.0/library/fields/upload.php#L356
• https://plugins.trac.wordpress.org/browser/forminator/tags/1.27.0/library/fields/upload.php#L372
• https://plugins.trac.wordpress.org/changeset/2995007/forminator/trunk/library/helpers/helper-fields.php#file0
• https://www.wordfence.com/threat-intel/vulnerabilities/id/13cfa202-ab90-46c0-ab53-00995bfdcaa3?source=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-5119 – Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-5119
The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'redirect-url' field located in the form submission settings in all versions up to, and including, 1.26.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
• https://wpscan.com/vulnerability/229207bb-8f8d-4579-a8e2-54516474ccb4
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-4596 – Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-4596
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
• https://github.com/X-Projetion/CVE-2023-4596-Vulnerable-Exploit-and-Checker-Version
• https://github.com/X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker
• https://github.com/E1A/CVE-2023-4596
• https://github.com/RHYru9/CVE-2023-4596-checker
• https://plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.php
• https://www.exploit-db.com/exploits/51664
• https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-3134 – Forminator < 1.24.4 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-3134
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
The Forminator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.24.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
• https://wpscan.com/vulnerability/6d50d3cc-7563-42c4-977b-f834fee711da
• https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2010 – Forminator < 1.24.1 - Unauthenticated Race Condition on poll vote
https://notcve.org/view.php?id=CVE-2023-2010
The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.
The Forminator plugin for WordPress is vulnerable to a race condition in versions up to, and including, 1.23.3. This is due to improper validation on the poll voting functionality. This makes it possible for unauthenticated attackers to make multiple votes on a poll.
• https://wpscan.com/vulnerability/d0da4c0d-622f-4310-a867-6bfdb474073a
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')