cleantalk
Vulnerabilities and Security Researches

MW WP Form, f8ff86f77b0d6ce822aaa5af5c71d680ab99821f

CVE, Research URL

f8ff86f77b0d6ce822aaa5af5c71d680ab99821f

Home page URL

Security reports for MW WP Form

Application

MW WP Form

Published on
May 08, 2023
Research Description
MW WP Form [mw-wp-form] < 4.4.3 (closed) MW WP Form <= 4.4.2 - Directory Traversal via _file_upload The MW WP Form plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.4.2 via the _file_upload function. This allows unauthenticated attackers to upload files of allowed types to arbitrary directories on the site.
Affected versions
max 4.4.3.
Status
vulnerable
Previous vulnerability researches
MW WP Form (CVE-2026-5436) , Apr 13, 2026
MW WP Form (CVE-2026-4347) , Apr 13, 2026
MW WP Form (f8ff86f77b0d6ce822aaa5af5c71d680ab99821f) , Jun 06, 2024
MW WP Form (CVE-2023-6559) , Jun 06, 2024
MW WP Form (CVE-2024-24804) , Jun 06, 2024
New vulnerability
WPGraphQL (CVE-2021-47959) , May 16, 2026
Smartcat Integration for WPML (CVE-2026-4683) , May 16, 2026
JoomSport &#8211; for Sports: Team &amp; League, Football, Hockey &amp; more (CVE-2026-6929) , May 16, 2026
Woocommerce Support System (CVE-2025-14033) , May 16, 2026
MW WP Form (CVE-2026-6206) , May 16, 2026