CVE-2023-4666

high-risk
Published 2023-10-16

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE

Do I need to act?

!
75.7% chance of exploitation in next 30 days
EPSS score — higher than 24% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

10Web

References (2)

Exploit https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be
Exploit https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be
57
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal