CVE-2023-6316 – MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-6316
04 Dec 2023 — The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.0.1/classes/models/class.file.php#L60 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-28408
https://notcve.org/view.php?id=CVE-2023-28408
23 May 2023 — Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings. • https://jvn.jp/en/jp/JVN01093915 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-28409 – MW WP Form <= 4.4.2 - Directory Traversal via _file_upload
https://notcve.org/view.php?id=CVE-2023-28409
08 May 2023 — Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. The MW WP Form plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.4.2 via the _file_upload function. This allows unauthenticated attackers to upload files of allowed types to arbitrary directories on the site. • https://jvn.jp/en/jp/JVN01093915 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-434: Unrestricted Upload of File with Dangerous Type •