The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-11T08:32:51.833Z
Updated: 2024-08-02T08:28:21.777Z
Reserved: 2023-11-27T14:10:09.180Z
Link: CVE-2023-6316
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-11T09:15:48.210
Modified: 2024-01-17T20:17:22.003
Link: CVE-2023-6316
Redhat
No data.