Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:36FE6757-C1A5-46ED-8451-4323C17C30A9
HistoryDec 19, 2023 - 12:00 a.m.

MW WP Form < 5.0.4 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion

2023-12-1900:00:00
wpscan.com
9
mw wp form
wordpress
arbitrary file deletion
unauthenticated attackers
site takeover

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON

Description The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

CPENameOperatorVersion
eq5.0.4

Related

nvd 1
cve 1
openvas 1
wordfence 2
cvelist 1
prion 1
nvd
nvd
CVE-2023-6559
2023-12-16 13:15:07
cve
cve
CVE-2023-6559
2023-12-16 13:15:07
openvas
openvas
WordPress The MW WP Form Plugin < 5.0.4 Arbitrary File Deletion Vulnerability
2023-08-29 00:00:00
wordfence
wordfence
$1,275 Bounty Awarded For Arbitrary File Deletion Vulnerability Patched in MW WP Form WordPress Plugin
2024-01-30 16:07:56
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)
2023-12-21 15:25:43
cvelist
cvelist
CVE-2023-6559
2023-12-16 12:29:16
prion
prion
Arbitrary file deletion
2023-12-16 13:15:00

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON
Related for WPVDB-ID:36FE6757-C1A5-46ED-8451-4323C17C30A9
nvd1cve1openvas1wordfence2cvelist1prion1