CVE-2026-4347 | inc2734 MW WP Form Plugin up to 5.1.0 on WordPress Path Validation file upload path traversal (EUVD-2026-18124)

A vulnerability was found in inc2734 MW WP Form Plugin up to 5.1.0 on WordPress. It has been declared as critical. The affected element is the function generate_user_filepath/move_temp_file_to_upload_dir of the component Path Validation Handler. The manipulation of the argument file upload results in path traversal.

This vulnerability is reported as CVE-2026-4347. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More