Vulnerability in Form Maker By 10web

CVE-2023-4666

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files, which can lead to RCE.

EPSS: 0.757 (98.9th percentile)

Affected products

  • Unknown Form Maker By 10web — versions 0

Frequently asked questions

What is CVE-2023-4666?
CVE-2023-4666 is a vulnerability in Form Maker By 10web, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). Published 2023-10-16.
Is CVE-2023-4666 known to be exploited?
6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.