CVE-2023-4666

{"id": "CVE-2023-4666", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-10-16T20:15:15.927", "references": [{"url": "https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE"}, {"lang": "es", "value": "El complemento Form Maker by 10Web WordPress anterior al 15.1.20 no valida las firmas cuando las crea en el servidor a partir de la entrada del usuario, lo que permite a usuarios no autenticados crear archivos arbitrarios y conducir a RCE"}], "lastModified": "2024-11-21T08:35:38.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BC0EA9F1-E6B1-4ACB-984A-2D4CAE5319A9", "versionEndExcluding": "1.15.20"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}