CVEs-PoC/2023/CVE-2023-2877.md at efebdd4f2d72a3494ec92163e9e88e00a3646b8a

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-06-04 18:08:00 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

POC

Reference

https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402

Github

https://github.com/20142995/nuclei-templates
https://github.com/RandomRobbieBF/CVE-2023-2877
https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
https://github.com/nomi-sec/PoC-in-GitHub

1.1 KiB Raw Blame History

CVE-2023-2877

Description

POC

Reference

Github

1.1 KiB

Raw Blame History