All 8 CVE vulnerabilities found in MW WP Form, with AI-generated Chinese analysis, references, and POCs.
Vendor: Monkey Wrench Inc.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5436 | MW WP Form <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys CWE-22 | 8.1 | High | 2026-04-08 |
| CVE-2026-4347 | MW WP Form <= 5.1.0 - Unauthenticated Arbitrary File Move via move_temp_file_to_upload_dir CWE-22 | 8.1 | High | 2026-04-02 |
| CVE-2023-46206 | WordPress MW WP Form plugin <= 4.4.5 - Broken Access Control vulnerability CWE-862 | 9.1 | - | 2025-01-02 |
| CVE-2024-24804 | WordPress MW WP Form Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS) CWE-79 | 6.5 | Medium | 2024-02-10 |
| CVE-2023-6316 | MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload CWE-434 | 9.8 | Critical | 2024-01-11 |
| CVE-2023-6559 | MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion CWE-22 | 7.5 | High | 2023-12-16 |
| CVE-2023-28409 | WordPress plugin MW WP Form 代码问题漏洞 | 9.8 | - | 2023-05-23 |
| CVE-2023-28408 | WordPress plugin MW WP Form 路径遍历漏洞 | 6.5 | - | 2023-05-23 |
All 8 known CVE vulnerabilities affecting MW WP Form with full Chinese analysis, references, and POCs where available.