200,000 WordPress websites affected: Critical security vulnerability discovered in the plugin

Last updated Dec 08, 2023

Security researchers have discovered a critical vulnerability in a popular WordPress plugin. Attackers can use it to carry out malicious actions on more than 200,000 websites.

The WordPress plugin "MW WP Form" helps website owners build email forms and place them on pages using a shortcode. One notable feature is a shortcode dedicated to collecting user information.

Critical security vulnerability in "MW WP Form"

According to Wordfence researchers, the "MW WP Form" plugin has a serious security flaw that makes it easier for attackers to break into a website. They could use it to add malicious code and make it run on the site. The goal of these attacks is to obtain sensitive information from the website or its visitors.

The plugin has a built-in protection meant to stop such attacks: it checks uploads for file types that could be dangerous. According to Wordfence, this safety feature might not be working correctly.

When the check finds such a file, it logs the event. But even though a warning is raised, the upload continues instead of being stopped.
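The control-flow flaw described above, a dangerous file type that is logged without the upload being aborted, is shown here next to its fix. This is an added example, not MW WP Form's code: the function names, the blocklist and the sample files are constructed for illustration.

```php
<?php
// Added illustration with hypothetical names; not MW WP Form's source code.

// Constructed, illustrative blocklist of extensions treated as dangerous.
const BLOCKED_EXTENSIONS = ['php', 'phtml', 'phar'];

function is_dangerous_type(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, BLOCKED_EXTENSIONS, true);
}

// Flawed pattern: the detection is logged, but nothing aborts the upload.
function store_upload_flawed(string $tmp, string $name, string $dir): bool
{
    if (is_dangerous_type($name)) {
        error_log("dangerous file type detected: $name");
        // No return here, so execution falls through to the copy below.
    }
    return copy($tmp, $dir . '/' . basename($name));
}

// Corrected pattern: a detection ends the request before anything is stored.
function store_upload_fixed(string $tmp, string $name, string $dir): bool
{
    if (is_dangerous_type($name)) {
        error_log("dangerous file type rejected: $name");
        return false;
    }
    return copy($tmp, $dir . '/' . basename($name));
}

// Constructed demo: harmless text content submitted under two file names.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "constructed sample content\n");

foreach (['store_upload_flawed', 'store_upload_fixed'] as $handler) {
    $dir = sys_get_temp_dir() . '/demo-' . bin2hex(random_bytes(4));
    mkdir($dir);
    foreach (['message.txt', 'sample.PHP'] as $name) {
        $stored = $handler($tmp, $name, $dir);
        printf("%-20s %-12s %s\n", $handler, $name, $stored ? 'stored' : 'rejected');
        if ($stored) {
            unlink($dir . '/' . basename($name));
        }
    }
    rmdir($dir);
}
unlink($tmp);
```

Run from the command line with `php`: both handlers log the detection, but only the flawed one goes on to store `sample.PHP`.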

Attackers can execute code remotely

Wordfence researchers say attackers can upload PHP files to a website and then gain control over those files. This lets them make the files run on the server, which amounts to remote code execution.

The vulnerability can only be exploited if the 'Save request data in the database' option is enabled in the form settings.

Serious vulnerability: 9.8 out of 10 points

Wordfence identifies this vulnerability as a significant threat. It is classified as critical, with a rating of 9.8 out of 10, according to a report by searchenginejournal.com.

The good news: after Wordfence reported the flaw, the plugin's developers fixed it quickly. The plugin is now more secure.

Install patch update now

The security issue affects all versions of the "MW WP Form" WordPress plugin up to and including 5.0.1. To fix it, install the patched version 5.0.2.

Wordfence wants all users of the plugin to update it as soon as possible. The plugin is currently in use on more than 200,000 WordPress websites. Update now!