Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2023-4666

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE

Published: Oct 16, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-4666
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
10web / form_maker	-	1.15.20

https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo