Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-6559
HistoryDec 16, 2023 - 1:15 p.m.

Arbitrary file deletion

2023-12-1613:15:00
PRIOn knowledge base
www.prio-n.com
4
mw wp form plugin
wordpress
arbitrary file deletion
vulnerability
improper validation
unauthenticated attackers
site takeover
remote code execution

8.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON

The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

CPENameOperatorVersion
mw_wp_formlt5.0.4

Related

wpvulndb 1
nvd 1
cve 1
openvas 1
wordfence 2
cvelist 1
wpvulndb
wpvulndb
MW WP Form < 5.0.4 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion
2023-12-19 00:00:00
nvd
nvd
CVE-2023-6559
2023-12-16 13:15:07
cve
cve
CVE-2023-6559
2023-12-16 13:15:07
openvas
openvas
WordPress The MW WP Form Plugin < 5.0.4 Arbitrary File Deletion Vulnerability
2023-08-29 00:00:00
wordfence
wordfence
$1,275 Bounty Awarded For Arbitrary File Deletion Vulnerability Patched in MW WP Form WordPress Plugin
2024-01-30 16:07:56
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)
2023-12-21 15:25:43
cvelist
cvelist
CVE-2023-6559
2023-12-16 12:29:16

8.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON
Related for PRION:CVE-2023-6559
wpvulndb1nvd1cve1openvas1wordfence2cvelist1