Lucene search
K

4 matches found

OSV
OSV
added 2024/01/11 9:15 a.m.4 views

CVE-2023-6316

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'singlefileupload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...

9.8CVSS7.9AI score0.01448EPSS
Exploits1References3
0day.today
0day.today
added 2023/12/05 12:0 a.m.725 views

WordPress MW WP Form 5.0.1 Arbitrary File Upload Vulnerability

Vulnerability Summary from Wordfence Intelligence Description: MW WP Form = 5.0.1 – Unauthenticated Arbitrary File Upload Affected Plugin: MW WP Form Plugin Slug: mw-wp-form Affected Versions: = 5.0.1 CVE ID: CVE-2023-6316 CVSS Score: 9.8 Critical CVSS Vector:...

9.8CVSS9.6AI score0.01448EPSS
Exploits1
Patchstack
Patchstack
added 2023/12/05 12:0 a.m.21 views

WordPress MW WP Form Plugin <= 5.0.1 is vulnerable to Arbitrary File Upload

Software MW WP Form Type Plugin Vulnerable versions = 5.0.1 Fixed in 5.0.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 597833164ec3 Credits István Márton Required privilege Unauthenticat...

9.8CVSS6.7AI score0.01448EPSS
Exploits1References3Affected Software1
Wordfence Blog
Wordfence Blog
added 2023/12/04 2:42 p.m.51 views

Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution

🎁 Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁 On November 24,...

8AI score0.01448EPSS
Exploits1
Rows per page
Query Builder