Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:7F584E8E-1166-43CD-8762-C76D648B3A08
HistoryDec 04, 2023 - 12:00 a.m.

MW WP Form < 5.0.2 - Unauthenticated Arbitrary File Upload

2023-12-0400:00:00
wpscan.com
8
mw wp form
unauthenticated
arbitrary file upload
plugin
server

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

JSON

Description The plugin does not properly handle unauthorised files from being uploaded, only logging the issue without stopping the process, allowing unauthenticated users to upload arbitrary files to the server when the ‘Saving inquiry data in database’ settings is enabled in the plugin

CPENameOperatorVersion
eq5.0.2

Related

wordfence 3
cvelist 1
zdt 1
prion 1
nvd 1
cve 1
wordfence
wordfence
Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
2023-12-04 14:42:57
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
Wordfence Intelligence Weekly WordPress Vulnerability Report (December 4, 2023 to December 10, 2023)
2023-12-14 16:32:44
cvelist
cvelist
CVE-2023-6316
2024-01-11 08:32:51
zdt
zdt
WordPress MW WP Form 5.0.1 Arbitrary File Upload Vulnerability
2023-12-05 00:00:00
prion
prion
Input validation
2024-01-11 09:15:00
nvd
nvd
CVE-2023-6316
2024-01-11 09:15:48
cve
cve
CVE-2023-6316
2024-01-11 09:15:48

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

JSON
Related for WPVDB-ID:7F584E8E-1166-43CD-8762-C76D648B3A08
wordfence3cvelist1zdt1prion1nvd1cve1