High severity7.5NVD Advisory· Published Dec 16, 2023· Updated Apr 8, 2026
CVE-2023-6559
CVE-2023-6559
Description
The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/3007879/mw-wp-formnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/412d555c-9bbd-42f5-8020-ccfc18755a79nvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.