200,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in MW WP Form WordPress Plugin
On March 16th, 2026, we received a submission for an Arbitrary File Move vulnerability in MW WP Form, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to move arbitrary files, including the wp-config.php file, whic
ORIGINAL SOURCE →via Wordfence
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
- [CYBER] Another DeFi protocol loses millions in hack days after KelpDAO breach - CoinDesk
- [CYBER] The Vercel/Context.ai Breach Wasn't a Vulnerability. It Was a Delegation Path.
- [CYBER] Namastex npm Packages Spread TeamPCP-Style CanisterWorm Malware
- [CYBER] Kenya targets the algorithm behind digital lending
- [CYBER] Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks