MW WP Form WordPress plugin all versions up to and including 5.1.0
Summary
This vulnerability allows unauthenticated attackers to move arbitrary files on an affected WordPress server due to insufficient file path validation in the MW WP Form plugin. Successful exploitation can lead to full remote code execution, if the form has an enabled file upload field and database saving option enabled. No known active exploitation of this vulnerability has been reported.
Remediation
Update the MW WP Form plugin to the latest patched version as soon as possible. If you do not actively use the plugin, remove it completely from your WordPress installation to eliminate the risk. Implement web application firewall rules to block unauthorized file manipulation attempts through WordPress plugin endpoints.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.