2 matches found
Arbitrary file deletion
The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary...
WordPress MW WP Form Plugin < 4.4.3 is vulnerable to Directory Traversal
Software MW WP Form Type Plugin Vulnerable versions 4.4.3 Fixed in 4.4.3 OWASP Top 10 A5: Broken Access Control Classification Directory Traversal CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID aac714a1b62d Credits Unknown Required privilege Unauthenticated...