PT-2023-30146 · 10Web · The Form Maker

Dc11 · Published 2023-10-16 · Updated 2025-09-24 · CVE-2023-4666

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Form Maker by 10Web WordPress plugin versions prior to 1.15.20

Description

The issue allows unauthenticated users to create arbitrary files on the server from user input due to a lack of signature validation, potentially leading to remote code execution (RCE).

Recommendations

For versions prior to 1.15.20, update to version 1.15.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's file creation functionality until a patch is applied.

Exploit

Fix

Related Identifiers

CVE-2023-4666

Affected Products

The Form Maker