Lucene search

CVE-2024-4157

🗓️ 22 May 2024 08:10:15Reported by WordfenceType

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin is vulnerable to PHP object injection via untrusted input deserialization, allowing attackers to delete files, retrieve data, or execute code

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 18
NVD	CVE-2024-4157	22 May 202408:15	–	nvd
NVD	CVE-2024-2771	18 May 202408:15	–	nvd
NVD	CVE-2024-2772	18 May 202408:15	–	nvd
Vulnrichment	CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues	22 May 202407:37	–	vulnrichment
Vulnrichment	CVE-2024-2771 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation	18 May 202407:38	–	vulnrichment
Vulnrichment	CVE-2024-2772 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting	18 May 202407:38	–	vulnrichment
Cvelist	CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues	22 May 202407:37	–	cvelist
Cvelist	CVE-2024-2771 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation	18 May 202407:38	–	cvelist
Cvelist	CVE-2024-2772 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting	18 May 202407:38	–	cvelist
WPVulnDB	Contact Form Plugin by Fluent Forms < 5.1.16 - Contributor+ PHP Object Injection	22 May 202400:00	–	wpvulndb

Nvd

Vulners

Vulnrichment

Node

fluentforms contact_formRange<5.1.16wordpress

[
  {
    "vendor": "techjewel",
    "product": "Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "5.1.15",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/8def156a-f2f2-4640-a1c9-c21c74e1f308
plugins	www.plugins.trac.wordpress.org/changeset/3081740/fluentform

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 May 2024 08:15Current

7.9High risk

Vulners AI Score7.9

CVSS37.5 - 8.8

EPSS0.02317

SSVC

CWE-502