CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-28409

Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.036

EPSS Ranking 87.3%

CVSS Severity

CVSS v3 Score 9.8

References

https://jvn.jp/en/jp/JVN01093915/
https://plugins.2inc.org/mw-wp-form/blog/2023/05/08/752/
https://jvn.jp/en/jp/JVN01093915/
https://plugins.2inc.org/mw-wp-form/blog/2023/05/08/752/

Products affected by CVE-2023-28409

Mw Wp Form Project » Mw Wp Form » Version: 4.4.2

cpe:2.3:a:mw_wp_form_project:mw_wp_form:4.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28409

Products

Pricing

Contact Us