File Upload Vulnerability in MW WP Form Plugin by MW WP Form
CVE-2023-28409

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Mw WP Form
Vendor: CVE Published:; 23 May 2023

What is CVE-2023-28409?

The MW WP Form plugin versions up to v4.4.2 possess a vulnerability that allows remote unauthenticated attackers to perform unrestricted file uploads. This flaw could be exploited to upload arbitrary files, potentially leading to further exploitation of the hosting WordPress site. As a consequence, it is imperative for users to update to the latest version of the plugin to safeguard their web application from potential threats.

Affected Version(s)

MW WP Form versions v4.4.2 and earlier

References

https://plugins.2inc.org/mw-wp-form/blog/2023/05/08/752/

https://jvn.jp/en/jp/JVN01093915/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2023
Vulnerability Reserved
Mar 15, 2023