Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4666", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-08-31T09:36:18.251Z", "datePublished": "2023-10-16T19:39:11.293Z", "dateUpdated": "2024-08-02T07:31:06.651Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-10-16T19:39:11.293Z"}, "title": "Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload", "problemTypes": [{"descriptions": [{"description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Form Maker by 10Web", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "1.15.20"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE"}], "references": [{"url": "https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "dc11", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:31:06.651Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}