Lucene search
JpcertCVELIST:CVE-2024-28890HistoryApr 23, 2024 - 4:56 a.m.
CVE-2024-28890
2024-04-2304:56:24
jpcert
www.cve.org
forminator plugin vulnerability
unrestricted file upload
remote access vulnerability
dos attack
Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.
CNA Affected
[
{
"vendor": "WPMU DEV",
"product": "Forminator",
"versions": [
{
"version": "prior to 1.29.0",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2024-28890
2024-04-23 05:15:49
cve
cve
CVE-2024-28890
2024-04-23 05:15:49
wpvulndb
wpvulndb
Forminator < 1.29.0 - Unauthenticated Arbitrary File Upload
2024-04-24 00:00:00
githubexploit
githubexploit
Exploit for CVE-2024-28890
2024-06-13 10:41:33
jvn
jvn
JVN#50132400: Multiple vulnerabilities in WordPress Plugin "Forminator"
2024-04-18 00:00:00
wallarmlab
wallarmlab
thn
thn
wordfence
wordfence