cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6316,https://securityvulnerability.io/vulnerability/CVE-2023-6316,Arbitrary File Upload Vulnerability in MW WP Form Plugin for WordPress,"The MW WP Form plugin for WordPress suffers from a vulnerability that allows arbitrary file uploads due to inadequate validation of file types in its '_single_file_upload' function. This deficiency is present in versions up to and including 5.0.1. As a result, unauthenticated attackers may exploit this vulnerability to upload arbitrary files to the server hosting the affected WordPress site, potentially leading to remote code execution and other security risks.",Wordpress,MW WP Form,9.8,CRITICAL,0.006149999797344208,false,,false,false,false,,false,false,2024-01-11T08:32:51.833Z,0
CVE-2023-6559,https://securityvulnerability.io/vulnerability/CVE-2023-6559,Arbitrary File Deletion Vulnerability in MW WP Form Plugin for WordPress,"The MW WP Form plugin for WordPress exposes a critical flaw that allows unauthenticated users to delete files from the server, including sensitive files like wp-config.php. This vulnerability arises from a lack of proper validation on the file paths of uploads before deletion. As a result, attackers can exploit this weakness to gain unauthorized access to critical areas of a website, potentially leading to site takeover or remote code execution. Website administrators are strongly advised to update to the latest version to mitigate this risk.",Wordpress,Mw WP Form,7.5,HIGH,0.004610000178217888,false,,false,false,false,,false,false,2023-12-16T13:15:00.000Z,0