High severity 8.1 · NVD Advisory · Published Jan 11, 2024 · Updated Apr 8, 2026
CVE-2023-6220
Description
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected products
- cpe:2.3:a:piotnet:piotnet_forms:*:*:*:*:*:wordpress:*:* (range: <=1.0.26)
- (no CPE) (range: <=1.0.28)
References
- www.wordfence.com/threat-intel/vulnerabilities/id/af2b7eac-a3f5-408f-b139-643e70b3f27a (nvd, Third Party Advisory)
- plugins.trac.wordpress.org/browser/piotnetforms/tags/1.0.26/inc/forms/ajax-form-builder.php (nvd, Issue Tracking)
- plugins.trac.wordpress.org/browser/piotnetforms/tags/1.0.29/inc/forms/ajax-form-builder.php (nvd)