Critical severity9.8NVD Advisory· Published Aug 30, 2023· Updated Apr 8, 2026
CVE-2023-4596
CVE-2023-4596
Description
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- plugins.trac.wordpress.org/changeset/2954409/forminator/trunk/library/fields/postdata.phpnvdPatch
- www.exploit-db.com/exploits/51664nvdExploitThird Party AdvisoryVDB Entry
- www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513nvdThird Party Advisory
News mentions
0No linked articles in our index yet.