Critical severity9.8NVD Advisory· Published Aug 30, 2023· Updated Apr 8, 2026
CVE-2023-4596
CVE-2023-4596
Description
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.phpnvdPatch
- www.exploit-db.com/exploits/51664nvdExploitThird Party AdvisoryVDB Entry
- www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513nvdThird Party Advisory
News mentions
0No linked articles in our index yet.