Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2026/04/11 1:22 a.m.3 views

CVE-2026-5436

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...

8.1CVSS6.4AI score0.00145EPSS
Exploits0References1
NVD
NVDadded 2026/04/08 9:17 p.m.1 views

CVE-2026-5436

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...

8.1CVSS0.00145EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/04/02 12:0 a.m.1 views

PT-2026-29681

Name of the Vulnerable Software and Affected Versions MW WP Form plugin for WordPress versions up to and including 5.1.0 Description The MW WP Form plugin for WordPress is susceptible to arbitrary file movement due to inadequate file path validation through the generate user filepath function and...

8.1CVSS6.6AI score0.00134EPSS
Exploits0References10
Wordfence Blog
Wordfence Blogadded 2026/04/01 5:1 p.m.3 views

200,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in MW WP Form WordPress Plugin

On March 16th, 2026, we received a submission for an Arbitrary File Move vulnerability in MW WP Form, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to move arbitrary files, including the wp-config.php file,...

8.1CVSS6.7AI score0.00134EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notesadded 2023/12/15 6:17 a.m.3 views

WordPress plugin "MW WP Form" vulnerable to arbitrary file upload

Overview WordPress plugin "MW WP Form" provided by Web Consultation Office Co., Ltd can create a mail form using shortcode. MW WP Form contains a vulnerability that may allow an attacker to upload arbitrary files CVE-2023-6316, CWE-434. Impact When the "Saving inquiry data in database" option in...

9.8CVSS7.7AI score0.08274EPSS
Exploits1References7
Debian CVE
Debian CVEadded 2023/07/26 8:9 p.m.66 views

CVE-2023-32001

Removed by vendor...

6.6AI score
Exploits0
OSV
OSVadded 2022/12/14 9:15 p.m.1 views

CVE-2022-4501

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

6.5CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2022/12/14 12:0 a.m.2 views

PT-2022-27365 · WordPress · Mega Addons

Name of the Vulnerable Software and Affected Versions: Mega Addons plugin for WordPress versions up to, and including, 4.2.7 Description: The issue is related to authorization bypass due to a missing capability check on the vc saving data function. This allows authenticated attackers with...

7.1CVSS6.2AI score0.0018EPSS
Exploits0References5
Rows per page
Query Builder