PatchSiren cyber security CVE debrief
CVE-2026-48871 Takashi Kitajima CVE debrief
CVE-2026-48871 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in the MW WP Form plugin versions <= 5.1.3. The vulnerability has a CVSS score of 7.1 and was published on 2026-06-15T21:17:16.557Z.
- Vendor
- Takashi Kitajima
- Product
- MW WP Form
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of MW WP Form plugin versions <= 5.1.3 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by an Unauthenticated Cross Site Scripting (XSS) issue in the MW WP Form plugin. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Update MW WP Form plugin to a version greater than 5.1.3.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/mw-wp-form/vulnerability/wordpress-mw-wp-form-plugin-5-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve) for mitigation or vendor reference.
Evidence notes
The vendor and product information is currently unknown. The CVE record is available at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-48871) and NVD detail at [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-48871).
Official resources
-
CVE-2026-48871 CVE record
CVE.org
-
CVE-2026-48871 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-48871 was published on 2026-06-15T21:17:16.557Z and modified on 2026-06-15T21:24:32.790Z.