CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24804 – WordPress MW WP Form Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-24804
31 Jan 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS.This issue affects MW WP Form: from n/a through 5.0.6. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en websoudan MW WP Form permite almacenar XSS. Este problema afecta a MW WP Form: desde n/a hasta 5.0.6. The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in vers... • https://patchstack.com/database/vulnerability/mw-wp-form/wordpress-mw-wp-form-plugin-5-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6559 – MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2023-6559
15 Dec 2023 — The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. El complemento MW WP Form para WordPress es vulnerable a la eliminación arbitraria de archivos en todas las ve... • https://plugins.trac.wordpress.org/changeset/3007879/mw-wp-form • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •