Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Incsub |
|
| Wpmudev |
|
No data.
References
History
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Fri, 04 Apr 2025 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Incsub
Incsub forminator |
|
| CPEs | cpe:2.3:a:incsub:forminator:*:*:*:*:free:wordpress:*:* | |
| Vendors & Products |
Incsub
Incsub forminator |
Mon, 18 Nov 2024 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wpmudev
Wpmudev broken Link Checker |
|
| Weaknesses | CWE-434 | |
| CPEs | cpe:2.3:a:wpmudev:broken_link_checker:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Wpmudev
Wpmudev broken Link Checker |
|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: jpcert
Published:
Updated: 2024-11-18T21:11:06.673Z
Reserved: 2024-04-12T01:58:21.194Z
Link: CVE-2024-28890
Vulnrichment
Updated: 2024-08-02T01:03:50.244Z
NVD
Status : Analyzed
Published: 2024-04-23T05:15:49.260
Modified: 2025-04-04T13:12:03.720
Link: CVE-2024-28890
Redhat
No data.