PT-2026-40896 · WordPress · Mw Wp Form
Kirasec
·
Published
2026-05-14
·
Updated
2026-05-14
·
CVE-2026-6206
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MW WP Form versions prior to 5.1.3
Description
Insufficient restrictions in the
get post property from querystring() function allow unauthenticated attackers to extract data from private, draft, or password-protected posts.Recommendations
Update to a version later than 5.1.2.
As a temporary workaround, consider restricting access to the
get post property from querystring() function until the update is applied.Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mw Wp Form