CVE-2023-4666
Form-Maker < 1.15.20 - Unauthenticated Arbitrary File UploadThe Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE
We have discovered 8,201 live websites that are affected by CVE-2023-4666.
Affected Software
| Product | |
| Category | Form Builders |
| Vulnerable Domains | 8,201 live websites (57.66% of Form Maker install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 249 versions ( 56.33% of all versions) |
Common Weakness Enumeration
CWE-434 Unrestricted Upload of File with Dangerous TypeDetails
- Published - Oct 16, 2023
- Updated - Aug 2, 2024
Credits
- dc11 (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2023-4666 usage by Country
 United States | 3,288 websites |
 Germany | 879 websites |
 France | 406 websites |
 GB | 340 websites |
 Netherlands | 333 websites |
 Italy | 226 websites |
 Russia | 191 websites |
 Denmark | 164 websites |
 Canada | 163 websites |
 Switzerland | 142 websites |
CVE-2023-4666 usage by TLD
| .com | 3,426 websites |
| .org | 669 websites |
| .de | 409 websites |
| .nl | 316 websites |
| .co.uk | 212 websites |
| .net | 207 websites |
| .it | 186 websites |
| .ru | 176 websites |
| .fr | 131 websites |
| .com.br | 130 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-4666
Top websites that are affected by CVE-2023-4666. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | *,*** | |
| ********.nl | Netherlands | ***,*** | |
| ******.com | United States | ***,*** | |
| *****.eu |  Slovenia | ***,*** | |
| ****************.org | United States | ***,*** | |
| ****************.org | United States | ***,*** | |
| ******************.org | United States | ***,*** | |
| ******************.com | United States | ***,*** | |
| ****.it | Italy | ***,*** | |
| *******.org | United States | ***,*** |
FAQ
CVE-2023-4666 is Unrestricted Upload of File with Dangerous Type in Form Maker
A total of 8,201 websites have been identified as vulnerable to CVE-2023-4666, discovered through global website indexing conducted by WebTechSurvey.
Form Maker is susceptible to CVE-2023-4666 vulnerability.
Form Maker versions before 1.15.20 are vulnerable to CVE-2023-4666.
Version 1.15.20 of Form Maker addresses the CVE-2023-4666 security vulnerability.