Skip to main content

Mw Wp Form

5 CVEs product

Monthly

CVE-2026-48871 HIGH This Week

Reflected or stored Cross-Site Scripting in the MW WP Form WordPress plugin (versions <= 5.1.3) allows remote unauthenticated attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with crafted plugin content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C) indicates network-reachable exploitation with no privileges but requiring user interaction, and the scope change reflects the cross-origin impact typical of XSS in browser contexts. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

XSS Mw Wp Form
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-24804 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mw Wp Form
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-6559 HIGH PATCH This Week

The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress PHP Path Traversal RCE Mw Wp Form
NVD VulDB
CVSS 3.1
7.5
EPSS
6.1%
CVE-2023-28409 CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mw Wp Form
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28408 CRITICAL Act Now

Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mw Wp Form
NVD
CVSS 3.1
9.8
EPSS
1.8%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected or stored Cross-Site Scripting in the MW WP Form WordPress plugin (versions <= 5.1.3) allows remote unauthenticated attackers to inject arbitrary JavaScript that executes in a victim's browser when they interact with crafted plugin content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C) indicates network-reachable exploitation with no privileges but requiring user interaction, and the scope change reflects the cross-origin impact typical of XSS in browser contexts. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

XSS Mw Wp Form
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mw Wp Form
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress PHP Path Traversal +2
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mw Wp Form
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mw Wp Form
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy