PT-2026-40896 · WordPress · Mw Wp Form

Kirasec

·

Published

2026-05-14

·

Updated

2026-05-14

·

CVE-2026-6206

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions MW WP Form versions prior to 5.1.3
Description Insufficient restrictions in the get post property from querystring() function allow unauthenticated attackers to extract data from private, draft, or password-protected posts.
Recommendations Update to a version later than 5.1.2. As a temporary workaround, consider restricting access to the get post property from querystring() function until the update is applied.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-6206

Affected Products

Mw Wp Form