cleantalk
Vulnerabilities and Security Researches

MW WP Form, CVE-2026-6206

CVE, Research URL

CVE-2026-6206

Home page URL

Security reports for MW WP Form

Application

MW WP Form

Published on
May 14, 2026
Research Description
The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the _get_post_property_from_querystring() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
Affected versions
max 5.1.3.
Status
vulnerable
Previous vulnerability researches
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) (CVE-2025-22710) , Jan 19, 2025
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) (CVE-2024-49687) , Oct 24, 2024
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) (CVE-2024-0566) , Jun 07, 2024
Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) (54ee094a291c85ad46e95bf98a3a744d98443fda) , Jun 07, 2024
New vulnerability
WPGraphQL (CVE-2021-47959) , May 16, 2026
Smartcat Integration for WPML (CVE-2026-4683) , May 16, 2026
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2026-6929) , May 16, 2026
Woocommerce Support System (CVE-2025-14033) , May 16, 2026
MW WP Form (CVE-2026-6206) , May 16, 2026