VYPR

Snow Monkey Forms

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-1056CriJan 28, 2026
    risk 0.57cvss 9.8epss 0.12

    The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete…

  • CVE-2023-28413May 23, 2023
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.