CVE-2023-4666

CRITICAL EXPLOITED NUCLEI

The Form Maker <1.15.20 - RCE

Title source: llm

Description

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE

Nuclei Templates (1)

Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload

CRITICALVERIFIEDby pussycat0x

FOFA: body="/wp-content/plugins/form-maker/"

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be

Scores

CVSS v3 9.8

EPSS 0.7568

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-09-07

Status published

Products (1)

10web/form_maker < 1.15.20

Published Oct 16, 2023

Tracked Since Feb 18, 2026