3 matches found
CVE-2024-11205
creationtimestamp| type| source ---|---|--- 2024-12-10 04:34:47+00:00| seen| https://infosec.exchange/users/cve/statuses/113626663315453138 2024-12-10 07:26:26+00:00| seen| https://t.me/cvedetector/12480 2024-12-10 19:52:18+00:00| seen| Telegram/OcNoEbaBMhH9vSuUWKtnXIpKpP1ZbWX433RTqOyPlTBa0...
CVE-2024-11205 WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation
The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpformsisadminpage' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2024-11205 WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation
The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpformsisadminpage' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level acces...