Source: Wordfence
According to Wordfence, a vulnerability has been reported in the MW WP Form WordPress plugin, with the issue potentially affecting around 200,000 WordPress sites. The details come from a Wordfence blog post, though the full content of that post could not be verified at the time of writing due to a technical issue with the source page.
Because the underlying article could not be fully loaded, specific details such as which plugin versions are affected, whether a fix is available and the exact nature of the vulnerability are not yet confirmed here. We recommend checking the Wordfence blog directly for the latest information.
MW WP Form is a WordPress plugin that lets website owners add contact forms and other input forms to their site. Plugins like this are common on small business websites, from appointment booking forms to customer enquiry pages.
When a plugin has a security vulnerability, it can potentially allow someone outside your business to interfere with your website or the data it holds. If your site collects any personal information through a form, such as a customer's name or email address, a security incident could also have implications under UK GDPR and the Data Protection Act 2018. The ICO expects businesses to take reasonable steps to keep personal data secure.
This does not mean you need to panic, but it does mean it is worth keeping an eye on the plugins you use and making sure they are up to date.
For a broader overview of how to keep your WordPress site secure, see our security checklist for small businesses and our guide on vulnerable WordPress plugins.
If you use the MW WP Form plugin, it is worth visiting the Wordfence blog to read the full details once they are accessible and following any guidance they provide. Keeping your plugins updated is a basic but effective step that applies to every WordPress site owner. If your forms collect customer data, staying on top of security is also part of your responsibilities under UK data protection law.