PT-2024-17196 · WordPress · The Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions

🗓️ 07 Mar 2024 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 2 Views

The Post Form plugin allows unauthenticated media deletion due to a missing capability check.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-1170	7 Mar 202412:31	–	circl
CNNVD	WordPress Plugin buddyforms security vulnerability	7 Mar 202400:00	–	cnnvd
CVE	CVE-2024-1170	7 Mar 202411:01	–	cve
Cvelist	CVE-2024-1170 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion	7 Mar 202411:01	–	cvelist
EUVD	EUVD-2024-16938	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1170	7 Mar 202411:15	–	nvd
Patchstack	WordPress BuddyForms Plugin <= 2.8.7 is vulnerable to Broken Access Control	7 Mar 202400:00	–	patchstack
Prion	Arbitrary file deletion	7 Mar 202411:15	–	prion
RedhatCVE	CVE-2024-1170	5 Feb 202505:27	–	redhatcve
Vulnrichment	CVE-2024-1170 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion	7 Mar 202411:01	–	vulnrichment

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-1170
t	www.t.me/cvenotify/73240
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5
twitter	www.twitter.com/VulmonFeeds/status/1765733095163023790
t	www.t.me/cvenotify/108067
plugins	www.plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php
plugins	www.plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

21 Jan 2025 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 3.18.2

EPSS0.00501

SSVC

unauthenticated media deletion missing capability check wordpress plugin frontend content forms