Unauthorized Access in NEX-Forms Plugin for WordPress
CVE-2024-1130
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 29 February 2024
What is CVE-2024-1130?
The NEX-Forms – Ultimate Form Builder plugin for WordPress contains a security flaw that allows authenticated attackers, with subscriber-level access or higher, to bypass necessary capability checks in the set_read() function. This vulnerability, present in all versions up to and including 8.5.6, potentially grants attackers the ability to mark records as read, leading to unauthorized access to sensitive information. Users of this plugin are advised to upgrade to version 8.5.7 or later to mitigate this risk.
Affected Version(s)
NEX-Forms – Ultimate Form Builder – Contact forms and much more * <= 8.5.6