CVE-2026-1056

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generateuserdirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

CVE-2026-1056

Summary: CVE-2026-1056 affects the Snow Monkey Forms WordPress plugin. The vulnerability is caused by insufficient file path validation in the PHP function that generates a user directory path, specifically in Directory::generate_user_dirpath, which concatenates an unvalidated form_id onto a toke...

CVE-2026-1056 Snow Monkey Forms <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generateuserdirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

CVE-2026-1056

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generateuserdirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

WordPress Snow Monkey Forms plugin <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal vulnerability

Unauthenticated Arbitrary File Deletion via Path Traversal vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Snow Monkey Forms versions = 12.0.3...

PT-2026-5121

Name of the Vulnerable Software and Affected Versions Snow Monkey Forms versions up to and including 12.0.3 Description The Snow Monkey Forms plugin for WordPress is susceptible to arbitrary file deletion. Insufficient file path validation within the generate user dirpath function allows...

CVE-2023-32623

Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server...

WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal

Overview WordPress Plugin "Snow Monkey Forms" provided by Monkey Wrench Inc. contains a directory traversal vulnerability CWE-22. Shinsaku Nomura of Bitforest Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

CVE-2023-28413

Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service DoS condition...

Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

Overview WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2023-28408 Unrestricted upload of file with dangerous type CWE-434 - CVE-2023-28409 Directory traversal CWE-22 -...

WordPress plugin Snow Monkey Forms 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...