WordPress Constant Contact Forms plugin <= 2.0.3 - Broken Access Control vulnerability
CVE-2023-34387
4.3MEDIUM
What is CVE-2023-34387?
A missing authorization vulnerability exists within Constant Contact Forms that allows attackers to exploit incorrectly configured access control security levels. This flaw compromises data integrity by enabling unauthorized access to forms. Users running versions up to and including 2.0.3 are particularly at risk, as they may not have the appropriate protections in place to safeguard their sensitive information.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Constant Contact Forms <= 2.0.3
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
István Márton (Patchstack Alliance)