Lucene search
K

4 matches found

Circl
Circl
added 2024/01/11 6:31 p.m.5 views

CVE-2023-6559

creationtimestamp| type| source ---|---|--- 2024-01-11 18:31:25+00:00| seen| https://t.me/ctinow/166717...

9.8CVSS8.7AI score0.01313EPSS
Exploits0References1
OSV
OSV
added 2023/12/16 1:15 p.m.6 views

CVE-2023-6559

The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary...

9.8CVSS6.2AI score0.01313EPSS
Exploits0References2
CVE
CVE
added 2023/12/16 12:29 p.m.73 views

CVE-2023-6559

Affected software: MW WP Form plugin for WordPress (versions ≤ 5.0.3). Vulnerability and root cause: Arbitrary file deletion due to improper validation/sanitization of the path of uploaded attachments when processing a form submission. The code deletes files after sending admin mail without valid...

9.8CVSS9.7AI score0.01313EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/12/16 12:0 a.m.16 views

WordPress MW WP Form Plugin <= 5.0.3 is vulnerable to Arbitrary File Deletion

Software MW WP Form Type Plugin Vulnerable versions = 5.0.3 Fixed in 5.0.4 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2023-6559 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 24368a3488f4 Credits Thomas Sanzey Required privilege...

9.8CVSS6.7AI score0.01313EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder