Published: 2023/05/15  Last Updated: 2023/05/15

JVN#01093915
Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms"

Overview

WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities.

Products Affected

CVE-2023-28408, CVE-2023-28409
  • MW WP Form versions v4.4.2 and earlier

CVE-2023-28413
  • Snow Monkey Forms versions v5.0.6 and earlier

Description

WordPress Plugin "MW WP Form" and "Snow Monkey Forms" provided by Monkey Wrench Inc. contain multiple vulnerabilities listed below.

  • Directory traversal (CWE-22) - CVE-2023-28408
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L Base Score: 7.2
    CVSS v2 AV:N/AC:L/Au:N/C:N/I:P/A:P Base Score: 6.4
  • Unrestricted upload of file with dangerous type (CWE-434) - CVE-2023-28409
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3
    CVSS v2 AV:N/AC:L/Au:N/C:N/I:P/A:N Base Score: 5.0
  • Directory traversal (CWE-22) - CVE-2023-28413
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L Base Score: 8.3
    CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5

Impact

  • A remote unauthenticated attacker may alter the website or cause a denial-of-service (DoS) condition, and, depending on the settings, may also obtain sensitive information - CVE-2023-28408
  • A remote unauthenticated attacker may upload an unintended file - CVE-2023-28409
  • A remote unauthenticated attacker may obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition - CVE-2023-28413

Solution

Update the plugin
Update the plugin according to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2023-28408
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-28409
Shuya Ota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-28413
Monkey Wrench Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

CVE: CVE-2023-28408, CVE-2023-28409, CVE-2023-28413
JVN iPedia: JVNDB-2023-000050

Update History

2023/05/15
Fixed a typo in the CVSS v3 for CVE-2023-28413 under the section [Description].