CVE-2024-10402

26 Oct 2024

Título es

CVE-2024-10402

Sáb, 26/10/2024 – 12:15

Tipo

CWE-862

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-10402

Descripción en

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to create new or edit existing forms, including updating the default registration role to Administrator on User Registration forms.

26/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

7.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://plugins.trac.wordpress.org/changeset/3169243/

https://www.wordfence.com/threat-intel/vulnerabilities/id/be1d9d2b-cbdf-4d62-85fe-2616eaf02848?source=cve

Enviar en el boletín

Off

CVE-2024-10402

CVE-2024-10402

Jose Alexis Correa Valencia