CVE-2023-32623
Description
Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Directory traversal in Snow Monkey Forms allows unauthenticated remote file deletion; fixed in v5.1.2.
Vulnerability
Snow Monkey Forms versions v5.1.1 and earlier contain a directory traversal vulnerability (CWE-22) in the temporary file storage handling. The plugin fails to properly validate file paths, allowing attackers to reference directories outside the intended scope. The initial fix in v5.1.1 was incomplete, leaving the vulnerability exploitable until v5.1.2 [1][2].
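The kind of path-containment check whose absence CWE-22 describes, shown for a delete operation on a temporary upload directory. This is an added example, not code from Snow Monkey Forms or from the cited references; the function name `delete_temp_file`, the directory layout and the demo files are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not Snow Monkey Forms code. All names are hypothetical.

/**
 * Delete a file only if it resolves to a regular file inside $baseDir.
 * Returns true when a file was deleted, false when the request was refused.
 */
function delete_temp_file(string $baseDir, string $userPath): bool
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return false; // storage directory is missing
    }

    // Reject empty input and NUL bytes before touching the filesystem.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return false;
    }

    // realpath() collapses "..", "." and symlinks; it returns false
    // when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return false;
    }

    // Containment test on the resolved path. The trailing separator stops
    // a sibling such as "uploads-old" from matching the base "uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }

    // Only regular files are removed, never directories.
    return is_file($target) && unlink($target);
}

// Constructed demo tree under the system temp directory.
$root = sys_get_temp_dir() . '/traversal-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/uploads/form1', 0700, true);
file_put_contents($root . '/uploads/form1/a.txt', 'upload');
file_put_contents($root . '/keep.txt', 'outside the storage directory');

// A path inside the storage directory, then one that climbs out of it.
var_dump(delete_temp_file($root . '/uploads', 'form1/a.txt'));
var_dump(delete_temp_file($root . '/uploads', '../keep.txt'));
var_dump(file_exists($root . '/keep.txt'));
```

The comparison is made on the resolved path rather than on the raw request value, so encoded or nested `..` sequences that survive string filtering are still refused.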
Exploitation
A remote unauthenticated attacker can exploit this by sending crafted HTTP requests to the WordPress site using the plugin's file upload functionality. By manipulating file paths, the attacker can navigate to arbitrary directories and trigger the deletion of targeted files [1].
Impact
Successful exploitation allows the attacker to delete arbitrary files on the server, compromising the integrity of the web application and potentially leading to denial of service or further compromise [1].
Mitigation
The vulnerability is fixed in Snow Monkey Forms v5.1.2, released on July 14, 2023. Users are strongly advised to update to this version immediately through the WordPress dashboard or by manually uploading the plugin zip file [2]. No workaround is available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=5.1.1
- Monkey Wrench Inc./Snow Monkey Forms v5, Range: v5.1.1 and earlier
Patches
No patches discovered yet.
References