DRUPAL-CONTRIB-2024-060

The module creates an endpoint on the site at /postfile/upload that accepts a POST request for uploading a single file into a specified file system public, private, etc. This module accepts any uploaded file extension, including dangerous file formats so it can be used to bypass the...

DRUPAL-CONTRIB-2024-059

The module creates an endpoint on the site at /postfile/upload that accepts a POST request for uploading a single file into a specified file system public, private, etc. The module doesn't sufficiently protect against Cross Site Request Forgery under allowing an attacker to trick a site user into...

CVE-2023-6316

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'singlefileupload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...

The vulnerability of the _single_file Upload() function in the MW WP Form plugin for WordPress content management system allows a hacker to upload arbitrary files and execute arbitrary code.

The vulnerability of the singlefile Upload function in the MW WP Form plugin for WordPress content management system involves unlimited uploading of dangerous types of files. Exploiting this vulnerability could allow a malicious actor to upload arbitrary files and execute arbitrary code...