7 matches found

ATTACKERKB
added 2026/04/08 8:25 p.m. | 2 views

CVE-2026-5436

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generate_user_file_dirpath function, which uses WordPress's path_join — a function that...

CVSS 8.1 | AI score 6.6 | EPSS 0.00145
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/08 12:0 a.m. | 2 views

PT-2026-31452

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generate_user_file_dirpath function, which uses WordPress's path_join — a function...

CVSS 8.1 | AI score 6.6 | EPSS 0.00145
Exploits: 0 | References: 6
RedhatCVE
added 2026/04/03 10:57 a.m. | 2 views

CVE-2026-4347

The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers ...

CVSS 8.1 | AI score 6.6 | EPSS 0.00134
Exploits: 0 | References: 1
EUVD
added 2026/04/02 6:31 a.m. | 0 views

EUVD-2026-18124

The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers ...

CVSS 8.1 | AI score 6.6 | EPSS 0.00134
Exploits: 0 | References: 4
CVE
added 2026/04/02 5:28 a.m. | 5 views

CVE-2026-4347

The CVE-2026-4347 vulnerability affects the MW WP Form WordPress plugin up to version 5.1.0. It arises from insufficient file path validation in generate_user_filepath and move_temp_file_to_upload_dir, allowing unauthenticated attackers to move arbitrary server files (e.g., wp-config.php) if a fi...

CVSS 8.1 | AI score 6.6 | EPSS 0.00134
Exploits: 0 | References: 3
Cvelist
added 2026/04/02 5:28 a.m. | 26 views

CVE-2026-4347 MW WP Form <= 5.1.0 - Unauthenticated Arbitrary File Move via move_temp_file_to_upload_dir

The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers ...

CVSS 8.1 | EPSS 0.00134
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/02 5:28 a.m. | 2 views

CVE-2026-4347 MW WP Form <= 5.1.0 - Unauthenticated Arbitrary File Move via move_temp_file_to_upload_dir

The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers ...

CVSS 8.1 | AI score 6.6 | EPSS 0.00134
Exploits: 0 | References: 3