Unauthorized Access in NEX-Forms Plugin for WordPress
CVE-2024-0907
5.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 29 February 2024
What is CVE-2024-0907?
The NEX-Forms – Ultimate Form Builder plugin for WordPress is susceptible to unauthorized access due to a lack of capability checks within the restore_records() function. This vulnerability affects all versions up to and including 8.5.6, enabling authenticated users with subscriber-level access or higher to restore sensitive records. This issue poses a risk to the integrity of user data, as unauthorized users could exploit this oversight to gain access to information that should be protected.
Affected Version(s)
NEX-Forms – Ultimate Form Builder – Contact forms and much more * <= 8.5.6