Mw Wp Form@* Security Vulnerabilities and Issues — Mw Wp Form@* CVE List

Lucene search

Mw Wp Form ProjectMw Wp Form*

3 matches found

CVE•added 2024/01/11 9:15 a.m.•106 views

CVE-2023-6316

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's s...

9.8CVSS9.8AI score0.08274EPSS

CVE•added 2023/05/23 2:15 a.m.•59 views

CVE-2023-28409

Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.

9.8CVSS9.4AI score0.03595EPSS

CVE•added 2023/05/23 2:15 a.m.•55 views

CVE-2023-28408

Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings.

9.8CVSS9.2AI score0.02803EPSS