cleantalk
Vulnerabilities and Security Researches

Snow Monkey Forms, 178f7c4537e05e28f7bac32eb5c8627713aafc4e

CVE, Research URL

178f7c4537e05e28f7bac32eb5c8627713aafc4e

Home page URL

Security reports for Snow Monkey Forms

Application

Snow Monkey Forms

Published on
May 08, 2023
Research Description
Snow Monkey Forms [snow-monkey-forms] < 5.0.7 Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont The Snow Monkey Forms plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.1.1 via the 'view' REST endpoint. This allows unauthenticated attackers to upload files with randomized names and non-executable extensions to arbitrary folders.
Affected versions
max 5.0.7.
Status
vulnerable
Previous vulnerability researches
Snow Monkey Forms (CVE-2023-28408) , Jun 07, 2024
Snow Monkey Forms (178f7c4537e05e28f7bac32eb5c8627713aafc4e) , Jun 07, 2024
Snow Monkey Forms (CVE-2023-28413) , Jun 07, 2024
Snow Monkey Forms (CVE-2023-32623) , Jun 07, 2024
Snow Monkey Forms (CVE-2026-1056) , Apr 15, 2026
New vulnerability
Customer Reviews for WooCommerce (CVE-2026-1316) , Apr 15, 2026
WP Recipe Maker (CVE-2026-1558) , Apr 15, 2026
Page and Post Clone (CVE-2026-2893) , Apr 15, 2026
Greenshift &#8211; animation and page builder blocks (CVE-2026-2589) , Apr 15, 2026
Greenshift &#8211; animation and page builder blocks (CVE-2026-1927) , Apr 15, 2026