Harmless WordPress plugin Forminator wreaks havoc: 9.8 points on the danger scale

Carding

Even unauthenticated intruders can steal all your data.

The US National Vulnerability Database (NVD) has published information about a critical vulnerability under the identifier CVE-2023-4596 in the Forminator contact forms plugin for WordPress up to version 1.24.6.

This vulnerability received a rating of 9.8 on the CVSS 10-point scale, where 10 is the highest level of danger. It allows unauthenticated attackers to upload malicious files to websites, which can lead to remote code execution.

The vulnerability is particularly dangerous because it can be exploited even by unauthenticated users who do not have an account on the site, whereas many other vulnerabilities require a certain level of access, such as a user or administrator account.

The second reason this vulnerability has received such a high risk rating is that attackers can upload arbitrary files of any type, such as malicious scripts.

According to Wordfence, the issue has been resolved in Forminator version 1.25.0. All WordPress site owners using this plugin are advised to update it to the latest version immediately.

It's fair to say that these kinds of vulnerabilities aren't unique to WordPress plugins. They can occur in any content management system.

That is why, regardless of the system used, site owners are encouraged to use security monitoring services regularly and to update plugins and other third-party tools in a timely manner, to protect both their own security and that of their customers.
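As an added example (not from the original post and not code from the Forminator project), a small Python check that reads the `Version:` field from a plugin's main-file header the way WordPress does and reports whether the installed Forminator release is below the fixed version 1.25.0 named above. The sample header is constructed, and the on-disk file path in `check_plugin_file` is an assumption.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Versions from the advisory on this page: affected up to 1.24.6, fixed in 1.25.0.
AFFECTED_MAX = "1.24.6"
FIXED_IN = "1.25.0"

# Constructed sample of a WordPress plugin main-file header (not the real Forminator file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Forminator
 * Version: 1.24.6
 * Author: WPMU DEV
 */
"""


def parse_version(text: str) -> Optional[str]:
    """Extract the 'Version:' header field from a WordPress plugin main file."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", text, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def version_tuple(v: str) -> Tuple[int, ...]:
    """Turn '1.24.6' into (1, 24, 6) so the comparison is numeric, not lexical
    (a string compare would wrongly rank '1.9.0' above '1.25.0')."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def assess(version: str) -> str:
    """Classify an installed version against the CVE-2023-4596 fix release."""
    if version_tuple(version) < version_tuple(FIXED_IN):
        return "update required"   # anything below 1.25.0, including 1.24.6 and older
    return "fixed"


def check_plugin_file(path: Path) -> str:
    """Read a plugin main file from disk (path is an assumption) and assess it."""
    version = parse_version(path.read_text(errors="replace"))
    return assess(version) if version else "version not found"


if __name__ == "__main__":
    # Assumed location of the plugin's main file inside a WordPress install.
    print(check_plugin_file(Path("wp-content/plugins/forminator/forminator.php")))
```

Running the script prints the classification for the assumed path; the functions can also be called directly on any plugin header text.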