4 matches found
CVE-2023-6316
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'singlefileupload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...
WordPress MW WP Form 5.0.1 Arbitrary File Upload Vulnerability
Vulnerability Summary from Wordfence Intelligence Description: MW WP Form = 5.0.1 – Unauthenticated Arbitrary File Upload Affected Plugin: MW WP Form Plugin Slug: mw-wp-form Affected Versions: = 5.0.1 CVE ID: CVE-2023-6316 CVSS Score: 9.8 Critical CVSS Vector:...
WordPress MW WP Form Plugin <= 5.0.1 is vulnerable to Arbitrary File Upload
Software MW WP Form Type Plugin Vulnerable versions = 5.0.1 Fixed in 5.0.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 597833164ec3 Credits István Márton Required privilege Unauthenticat...
Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
🎁 Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁 On November 24,...