The US National Vulnerability Database (NVD) has published information about a critical vulnerability in Forminator, a contact form plugin for WordPress, affecting versions up to 1.24.6. The vulnerability is tracked as CVE-2023-4596.
The vulnerability is rated 9.8 on the 10-point CVSS scale, indicating a high level of danger. It allows unauthenticated attackers to upload malicious files to vulnerable sites, potentially leading to remote code execution.
What makes it particularly dangerous is that it can be exploited by unauthenticated users who have no account on the site. Unlike vulnerabilities that require a certain level of access, this one poses a risk to all users of the plugin.
Another reason for the high rating is that attackers can upload arbitrary files of any type, including malicious scripts.
According to Wordfence, the issue has been resolved in Forminator version 1.25.0. WordPress users running this plugin are strongly advised to update to the latest version immediately.
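One way to check a site against the version boundary above, as an added example that is not code from Wordfence or the plugin's authors: it reads the plugin's `Version:` header and compares it numerically with 1.25.0, so that a release such as 1.9 is not mistaken for a newer one. The `wp-content/plugins/forminator` path and all function names are assumptions, and the sample site is a constructed fixture.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 25, 0)          # first fixed release according to the article
PLUGIN_SLUG = "forminator"  # assumption: default plugin directory name

HEADER_NAME = re.compile(r"^[ \t/*#@]*Plugin Name:", re.M | re.I)
HEADER_VERSION = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)

def parse_version(text):
    """Turn '1.24.6' or '1.9' into a 3-part tuple of ints for comparison."""
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def installed_version(wp_root):
    """Return the Version header of the plugin's main PHP file, or None."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        # WordPress plugin headers sit at the start of the file.
        head = php.read_text(errors="replace")[:8192]
        match = HEADER_VERSION.search(head)
        if HEADER_NAME.search(head) and match:
            return match.group(1)
    return None

def audit(wp_root):
    """Return (status, version); status is 'absent', 'vulnerable' or 'patched'."""
    version = installed_version(wp_root)
    if version is None:
        return ("absent", None)
    status = "vulnerable" if parse_version(version) < FIXED else "patched"
    return (status, version)

def make_sample_site(version):
    """Constructed fixture: a minimal fake WordPress tree with a plugin header."""
    root = Path(tempfile.mkdtemp())
    plugin_dir = root / "wp-content" / "plugins" / PLUGIN_SLUG
    plugin_dir.mkdir(parents=True)
    header = f"<?php\n/**\n * Plugin Name: Forminator\n * Version: {version}\n */\n"
    (plugin_dir / "main.php").write_text(header)
    return root

if __name__ == "__main__":
    for sample in ("1.24.6", "1.25.0", "1.9"):
        print(sample, audit(make_sample_site(sample)))
```

Point `audit()` at a real WordPress root to use it; a plain string comparison would rank 1.9 above 1.25.0, which is why the versions are compared as integer tuples.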
This type of vulnerability is not exclusive to WordPress plugins and can occur in any content management system. Users are therefore advised to use security monitoring services regularly and to promptly update all plugins and third-party tools to protect both themselves and their customers.