Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8
CVE-2023-6316
- EPSS 8.27%
- Veröffentlicht 11.01.2024 09:15:48
- Zuletzt bearbeitet 21.11.2024 08:43:36
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers t...
9.8
CVE-2023-28408
- EPSS 2.72%
- Veröffentlicht 23.05.2023 02:15:10
- Zuletzt bearbeitet 17.01.2025 19:15:28
Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings.
9.8
CVE-2023-28409
- EPSS 4.45%
- Veröffentlicht 23.05.2023 02:15:10
- Zuletzt bearbeitet 31.01.2025 14:15:31
Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.
1