CVE-2023-4596

Tags: CRITICAL · EXPLOITED · NUCLEI · LAB

Forminator < 1.24.6 - Unauthenticated Arbitrary File Upload via upload_post_image()

Title source: llm

Exploitation Summary

CVE-2023-4596 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Mehmet Kelepçe, E1A, X-Projetion. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated remote command execution vulnerability in WordPress Plugin Forminator 1.24.6 via file upload. The vulnerability allows an attacker to upload a malicious PHP file through the 'postdata-1-post-image' parameter, bypassing file extension checks.

Description

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Exploits (4)

exploitdb · WORKING POC
by Mehmet Kelepçe · tags: text, webapps, php
https://www.exploit-db.com/exploits/51664

This exploit demonstrates an unauthenticated remote command execution vulnerability in WordPress Plugin Forminator 1.24.6 via file upload. The vulnerability allows an attacker to upload a malicious PHP file through the 'postdata-1-post-image' parameter, bypassing file extension checks.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Forminator 1.24.6
Authentication: none needed
Prerequisites: WordPress site with Forminator plugin version 1.24.6 installed · Ability to send HTTP requests to the target server
Analysis: devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC · 24 stars
by E1A · remote
https://github.com/E1A/CVE-2023-4596

This repository contains a functional Python exploit for CVE-2023-4596, an unauthenticated arbitrary file upload vulnerability in the WordPress Forminator plugin. The exploit automates the process of uploading a malicious PHP file to achieve remote code execution (RCE) on vulnerable installations.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Forminator plugin <= 1.24.6
Authentication: none needed
Prerequisites: Target running WordPress with vulnerable Forminator plugin · File upload functionality enabled in Forminator
Analysis: devstral-2 · analyzed Feb 18, 2026
nomisec · SCANNER · 1 star
by X-Projetion · poc
https://github.com/X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker

This repository contains a bash script that scans for CVE-2024-6387 by checking OpenSSH versions on local and remote systems using nmap. It identifies vulnerable versions and excludes patched ones, providing a detailed report.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: OpenSSH versions 8.5 to 9.7 (excluding specific patched versions)
Authentication: none needed
Prerequisites: nmap installed or ability to install it · network connectivity to target systems
Analysis: devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by X-Projetion · remote
https://github.com/X-Projetion/CVE-2023-4596-Vulnerable-Exploit-and-Checker-Version

This repository contains a functional Python exploit for CVE-2023-4596, targeting unauthenticated remote command execution via arbitrary file uploads in the Forminator plugin for WordPress. The script includes both a vulnerability checker and an exploit module capable of achieving RCE.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress Forminator plugin <= 1.24.6
Authentication: none needed
Prerequisites: Target URL with Forminator file upload field · Network access to the target
Analysis: devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload
Severity: CRITICAL · VERIFIED · by E1A
Shodan: http.html:/wp-content/plugins/forminator
FOFA: body=/wp-content/plugins/forminator

Scores

CVSS v3: 9.8
EPSS: 0.9078
EPSS Percentile: 99.6%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

VulnCheck KEV: 2023-08-29
CWE: CWE-434
Status: published
Products (2):
- incsub/forminator < 1.24.6
- wpmudev/Forminator Forms – Contact Form, Payment Form & Custom Form Builder < 1.24.6
Published: Aug 30, 2023
Tracked Since: Feb 18, 2026