2 matches found
WordPress Forminator Plugin <= 1.35.1 is vulnerable to Broken Access Control
Software Forminator Type Plugin Vulnerable versions = 1.35.1 Fixed in 1.36.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10402 Patch priority Low CVSS severity Low 7.2 Developer WPMU DEV PSID ed71b48b83e4 Credits wesley wcraft Required privilege...
CVE-2024-10402 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-leve...