Platform: wordpress
Component: snow-monkey-forms
Fixed in: 12.0.4
CVE-2026-1056 describes a critical Path Traversal vulnerability affecting the Snow Monkey Forms plugin for WordPress. This flaw allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution. The vulnerability impacts versions 0.0.0 through 12.0.3, and a patch is available in version 12.0.4.
The impact of CVE-2026-1056 is severe due to the potential for remote code execution. An attacker exploiting this vulnerability could delete critical WordPress configuration files, such as wp-config.php, effectively gaining control of the entire website. This could lead to data breaches, website defacement, and further compromise of the server. The ease of exploitation, requiring no authentication, significantly increases the risk. Deletion of other sensitive files could also expose database credentials or other confidential information.
CVE-2026-1056 was publicly disclosed on January 28, 2026. While no public exploits have been confirmed, the ease of exploitation and the potential for RCE make it a high-priority vulnerability. The EPSS score is likely to be high due to the combination of critical severity and ease of exploitation. It is crucial to apply the patch promptly to prevent potential attacks.
Exploit Status
EPSS: 0.31% (54% percentile)
The primary mitigation for CVE-2026-1056 is to immediately upgrade the Snow Monkey Forms plugin to version 12.0.4 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. These might include restricting file permissions on the WordPress uploads directory to prevent unauthorized file deletion. Web Application Firewalls (WAFs) configured to detect and block attempts to access or manipulate files outside of the intended directory can also provide a layer of protection. Monitor WordPress logs for suspicious file deletion attempts.
Update to version 12.0.4, or a newer patched version
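To find installs still in the affected range (0.0.0 through 12.0.3), the script below reads the plugin header under each WordPress root given as an argument, compares the version with 12.0.4, and flags a missing wp-config.php. It is an added example, not code from the plugin or the original advisory; it assumes the default `wp-content/plugins/snow-monkey-forms` location, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: triage WordPress roots for exposure to CVE-2026-1056.
FIXED="12.0.4"                                     # first patched release per the advisory
PLUGIN_DIR="wp-content/plugins/snow-monkey-forms"  # assumption: default plugin location

# version_lt A B: succeed when dotted version A is lower than B.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # ignore suffixes such as "-beta"
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                               # versions are equal
}

# plugin_version DIR: print Version from the file carrying the plugin header.
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        grep -q 'Plugin Name:' "$f" || continue
        sed -n 's|^[[:space:]*#]*Version:[[:space:]]*\([0-9][^[:space:]]*\).*|\1|p' "$f" | head -n 1
        return 0
    done
    return 1
}

# check_site ROOT: print one status line for a WordPress document root.
check_site() {
    root=$1; notes=""
    # WordPress also accepts wp-config.php one level above the document root.
    [ -f "$root/wp-config.php" ] || [ -f "$root/../wp-config.php" ] ||
        notes="; wp-config.php MISSING, investigate"
    if ! ver=$(plugin_version "$root/$PLUGIN_DIR") || [ -z "$ver" ]; then
        echo "$root: snow-monkey-forms not found$notes"
    elif version_lt "$ver" "$FIXED"; then
        echo "$root: VULNERABLE snow-monkey-forms $ver (< $FIXED)$notes"
    else
        echo "$root: patched snow-monkey-forms $ver$notes"
    fi
}

for root in "$@"; do check_site "$root"; done
```

Run it with one or more document roots as arguments; each root produces a single status line suitable for grepping across a fleet.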
CVE-2026-1056 is a critical vulnerability in the Snow Monkey Forms WordPress plugin allowing unauthenticated attackers to delete files, potentially leading to remote code execution.
If you are using Snow Monkey Forms version 0.0.0 through 12.0.3, you are affected by this vulnerability. Check your plugin version immediately.
Upgrade the Snow Monkey Forms plugin to version 12.0.4 or later to resolve the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like restricting file permissions.
While no confirmed exploitation has been publicly reported, the ease of exploitation suggests a high likelihood of active scanning and potential attacks. Prompt patching is essential.
Refer to the official Snow Monkey Forms website and WordPress plugin repository for the latest security advisory and update information.