Lucene search
WpvulndbWPVDB-ID:A68DDEE5-5C91-4C26-A7DA-5B93C63B94E3HistoryJan 04, 2024 - 12:00 a.m.
weForms < 1.6.19 - Missing Authorization via export_form_entries
2024-01-0400:00:00
wpscan.com
6
wordpress
weforms
vulnerability
unauthorized access
data
capability check
attacker
subscriber-level access
Description The weForms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_form_entries’ function in versions up to, and including, 1.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to export form entries.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 1.6.19 |
Related
vulnrichment
vulnrichment
nvd
nvd
CVE-2023-51524
2024-06-12 10:15:28
cve
cve
CVE-2023-51524
2024-06-12 10:15:28
cvelist
cvelist
wordfence
wordfence
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for WPVDB-ID:A68DDEE5-5C91-4C26-A7DA-5B93C63B94E3