Published: 2023/12/14 Last Updated: 2023/12/14
JVNVU#97876221
WordPress plugin "MW WP Form" vulnerable to arbitrary file upload
Overview
WordPress plugin "MW WP Form" contains a vulnerability that may allow an attacker to upload arbitrary files.
Products Affected
- MW WP Form 5.0.1 and earlier
Description
WordPress plugin "MW WP Form", provided by Web Consultation Office Co., Ltd, creates mail forms using a shortcode. MW WP Form contains a vulnerability that may allow an attacker to upload arbitrary files (CVE-2023-6316, CWE-434).
Impact
When the “Saving inquiry data in database” option in the form settings is enabled, an attacker may execute arbitrary code on the server by uploading an arbitrary file.
Solution
Update the plugin
Update the plugin according to the information provided by the developer.
The developer has released the following version that addresses this vulnerability.
- MW WP Form 5.0.2 or later
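To confirm which installations still need the update, the following added example (not part of the advisory or the plugin's code) scans a WordPress plugins directory for copies of MW WP Form and compares each `Version` header against 5.0.2. It assumes the standard WordPress plugin header comment and a plugins directory path supplied by the caller; the folder and file names in `demo()` are constructed, and the script does not inspect the "Saving inquiry data in database" setting.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "MW WP Form"  # plugin name as written in the advisory
FIXED = (5, 0, 2)           # first fixed release per the advisory
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version)[ \t]*:[ \t]*(.+)$", re.M | re.I)

def read_header(php_source):
    """Return (name, version) from a standard WordPress plugin header comment."""
    fields = {}
    for key, value in HEADER.findall(php_source[:8192]):  # header sits at the file top
        fields.setdefault(key.lower(), value.strip())
    return fields.get("plugin name"), fields.get("version")

def parse_version(text):
    """'5.0' -> (5, 0, 0); suffixes such as '-beta' are ignored; None if no digits."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(plugins_dir):
    """Report every copy of the plugin found one level below plugins_dir."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        name, version = read_header(php.read_text(encoding="utf-8", errors="replace"))
        if name != PLUGIN_NAME:
            continue
        parsed = parse_version(version)
        if parsed is None:
            status = "unknown"   # no usable Version header: check by hand
        else:
            status = "affected" if parsed < FIXED else "fixed"
        findings.append((php.parent.name, version, status))
    return findings

def demo():
    """Audit a constructed plugins tree; folder and file names are made up."""
    with tempfile.TemporaryDirectory() as root:
        for folder, ver in {"site-a": "5.0.1", "site-b": "5.0.2", "site-c": "5.0"}.items():
            Path(root, folder).mkdir()
            Path(root, folder, "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {PLUGIN_NAME}\n * Version: {ver}\n */\n")
        Path(root, "other").mkdir()
        Path(root, "other", "other.php").write_text("<?php\n/* Plugin Name: Other */\n")
        return audit(root)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Call `audit()` with the real plugins directory of each site; an "unknown" result means the header could not be read and the copy should be checked manually.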
Vendor Status
Vendor | Link |
---|---|
Web Consultation Office Co., Ltd | MW WP Form – WordPress plugin |
 | MW WP Form (Text in Japanese) |
References
- Wordfence | December 4, 2023
  Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 9.8
Metric | Possible values | Value in vector |
---|---|---|
Attack Vector (AV) | Physical (P), Local (L), Adjacent (A), Network (N) | Network (N) |
Attack Complexity (AC) | High (H), Low (L) | Low (L) |
Privileges Required (PR) | High (H), Low (L), None (N) | None (N) |
User Interaction (UI) | Required (R), None (N) | None (N) |
Scope (S) | Unchanged (U), Changed (C) | Unchanged (U) |
Confidentiality Impact (C) | None (N), Low (L), High (H) | High (H) |
Integrity Impact (I) | None (N), Low (L), High (H) | High (H) |
Availability Impact (A) | None (N), Low (L), High (H) | High (H) |