Lucene search

WpvulndbWPVDB-ID:9915E202-EF99-49A5-8318-06BC3A7D4987

HistoryApr 03, 2024 - 12:00 a.m.

weForms < 1.6.21 - Missing Authorization

2024-04-0300:00:00

wpscan.com

weforms

wordpress

vulnerability

unauthorized access

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.0%

JSON

Description The weForms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handle_frontend_submission() function in versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to submit forms that are not open.

References

www.wordfence.com/threat-intel/vulnerabilities/id/5c71dc22-0b1b-4628-bbab-4154714e8804

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:9915E202-EF99-49A5-8318-06BC3A7D4987