| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5436 | MW WP Form <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys | inc2734 | MW WP Form | High | 8.1 | 2026-04-08 20:25:10 | Deep Dive |
| CVE-2026-4347 | MW WP Form <= 5.1.0 - Unauthenticated Arbitrary File Move via move_temp_file_to_upload_dir | inc2734 | MW WP Form | High | 8.1 | 2026-04-02 05:28:08 | Deep Dive |
| CVE-2026-4066 | Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search | inc2734 | Smart Custom Fields | Medium | 4.3 | 2026-03-23 22:25:39 | Deep Dive |
| CVE-2026-1056 | Snow Monkey Forms <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal | inc2734 | Snow Monkey Forms | Critical | 9.8 | 2026-01-28 12:28:37 | Deep Dive |
| CVE-2025-10137 | Snow Monkey <= 29.1.5 - Unauthenticated Blind Server-Side Request Forgery | inc2734 | Snow Monkey | Medium | 5.4 | 2025-09-26 06:43:29 | Deep Dive |
| CVE-2024-1995 | Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure | inc2734 | Smart Custom Fields | Medium | 4.3 | 2024-03-20 01:58:05 | Deep Dive |
| CVE-2023-6316 | MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload | inc2734 | MW WP Form | Critical | 9.8 | 2024-01-11 08:32:52 | Deep Dive |
| CVE-2023-6559 | MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion | inc2734 | MW WP Form | High | 7.5 | 2023-12-16 12:29:17 | Deep Dive |