4 matches found
CVE-2023-6559
creationtimestamp| type| source ---|---|--- 2024-01-11 18:31:25+00:00| seen| https://t.me/ctinow/166717...
CVE-2023-6559
The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2023-6559
Affected software: MW WP Form plugin for WordPress (versions ≤ 5.0.3). Vulnerability and root cause: Arbitrary file deletion due to improper validation/sanitization of the path of uploaded attachments when processing a form submission. The code deletes files after sending admin mail without valid...
WordPress MW WP Form Plugin <= 5.0.3 is vulnerable to Arbitrary File Deletion
Software MW WP Form Type Plugin Vulnerable versions = 5.0.3 Fixed in 5.0.4 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2023-6559 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 24368a3488f4 Credits Thomas Sanzey Required privilege...