Vulnerabilities and security researches forsnow-monkey-forms snow-monkey-forms

Jun 07, 2024

CVE, Research URL: CVE-2023-28408
Home page URL: Security reports for Snow Monkey Forms
Application: Snow Monkey Forms
Date: May 23, 2023
Research Description: Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings.
Affected versions: max 5.0.7.
Status: vulnerable

CVE, Research URL: 178f7c4537e05e28f7bac32eb5c8627713aafc4e
Home page URL: Security reports for Snow Monkey Forms
Application: Snow Monkey Forms
Date: May 08, 2023
Research Description: Snow Monkey Forms [snow-monkey-forms] < 5.0.7 Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont The Snow Monkey Forms plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.1.1 via the 'view' REST endpoint. This allows unauthenticated attackers to upload files with randomized names and non-executable extensions to arbitrary folders.
Affected versions: max 5.0.7.
Status: vulnerable

CVE, Research URL: CVE-2023-28413
Home page URL: Security reports for Snow Monkey Forms
Application: Snow Monkey Forms
Date: May 23, 2023
Research Description: Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.
Affected versions: max 5.0.7.
Status: vulnerable

CVE, Research URL: CVE-2023-32623
Home page URL: Security reports for Snow Monkey Forms
Application: Snow Monkey Forms
Date: Jun 28, 2023
Research Description: Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server.
Affected versions: max 5.1.1.
Status: vulnerable

Apr 15, 2026

CVE, Research URL: CVE-2026-1056
Home page URL: Security reports for Snow Monkey Forms
Application: Snow Monkey Forms
Date: Jan 28, 2026
Research Description: The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions: max 12.0.4.
Status: vulnerable