Primary

Context

MW WP Form WordPress Plugin Information Exposure Vulnerability

Vulnerability

Patched

A vulnerability allowing information exposure exists in the MW WP Form plugin for WordPress, affecting all versions through 5.1.2. The issue arises from the '_get_post_property_from_querystring()' function, which lacks proper restrictions on post accessibility. This flaw enables unauthenticated attackers to retrieve data from password-protected, private, or draft posts that should otherwise be inaccessible.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information from protected WordPress posts.

Remediation

Users can update to MW WP Form version 5.1.3 or later to address this vulnerability.

Added: May 14, 2026, 9:21 AM

Updated: May 14, 2026, 9:21 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

9.0

remediation

7.7

relevance

8.3

threat

3.2

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

9.0

remediation

7.7

relevance

8.3

threat

3.2

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MW WP Form WordPress Plugin Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

MW WP Form

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating