CVE-2026-8853

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting

WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

PT-2026-48393

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

WordPress MW WP Form plugin <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Sérgio Charruadas itzvenom in WordPress Plugin MW WP Form versions = 5.1.3...

CVE-2026-6206

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

CVE-2026-3718

The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, 4.9.31. This is due to insufficient input sanitization and output escaping of attacker-controlled header values. This makes it...

MINI-CGQQ-47MW-5PV2

Bulletin has no description...

WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by VanTastic in WordPress Plugin MW WP Form versions = 5.1.3...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fixed a possible null pointer dereferencing issue. In malidpmwconnectorreset, new memory is allocated using kzalloc, but no checks are performed. To prevent null pointer dereferencings, ensure that mwstate is...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ntbhwswitchtec: A out-of-bounds shift was corrected in switchtecntbmwsettrans. There is a kernel API called ntbmwcleartrans that passes 0 to both addr and size. This would cause xlatepos to become negative. 23.734156 switchtec...

CVE-2026-6206

The MW WP Form plugin for WordPress (versions

CVE-2026-6206

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...

WordPress plugin MW WP Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-40896

Name of the Vulnerable Software and Affected Versions MW WP Form versions prior to 5.1.3 Description Insufficient restrictions in the get post property from querystring function allow unauthenticated attackers to extract data from private, draft, or password-protected posts. Recommendations Updat...

MAL-2026-3409 Malicious code in mw-filesystem-events-nodream (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3da27e815b33bf88dc4fb31bc8b5558501b65ded9de77aab08e7ae785c2c38b The package mw-filesystem-events-nodream was found to contain malicious code. Source: ossf-package-analysis...

SUSE CVE-2026-43141

In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario rounddownpowoftwo will cause undefined behaviour and should not be performed. This...

CVE-2026-5436

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...

WordPress MW WP Form plugin <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability

Unauthenticated Arbitrary File Move via regenerateuploadfilekeys vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin MW WP Form versions = 5.1.1...

EUVD-2026-20643

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...

CVE-2026-5436

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...