Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-28890

Published: 23/04/2024 Updated: 23/04/2024

Vulnerability Summary

Forminator before 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.

Vulnerability Trend

Recent Articles

Critical Forminator plugin flaw impacts over 300k WordPress sites
BleepingComputer • Bill Toulas • 20 Apr 2024

Critical Forminator plugin flaw impacts over 300k WordPress sites By Bill Toulas April 20, 2024 11:19 AM 0 The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. Forminator by WPMU DEV is a custom contact, feedback, quizzes, surveys/polls, and payment forms builder for WordPress sites that offers drag-and-drop functionality, extensive third-party integrations, and general versatility...

Read more...

References

https://wordpress.org/plugins/forminator/https://wpmudev.com/https://jvn.jp/en/jp/JVN50132400/https://nvd.nist.govhttps://www.bleepingcomputer.com/news/security/critical-forminator-plugin-flaw-impacts-over-300k-wordpress-sites/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook