PT-2023-21697 · Unknown · Mw Wp Form
Shuya Ota
·
Published
2023-05-23
·
Updated
2025-01-31
·
CVE-2023-28409
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MW WP Form versions v4.4.2 and earlier
Description
The issue allows a remote unauthenticated attacker to upload an arbitrary file due to an unrestricted upload of files with dangerous types. This may lead to potential security risks.
Recommendations
For MW WP Form versions v4.4.2 and earlier, update to a version later than v4.4.2 to resolve the issue. As a temporary workaround, consider restricting file uploads to only allow safe file types until a patch is available.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mw Wp Form