IP Address Spoofing Vulnerability in Fluent Forms by WordPress
CVE-2024-13666

5.3 MEDIUM

What is CVE-2024-13666?

The Fluent Forms plugin for WordPress, a tool for building customizable contact forms and surveys, is susceptible to IP address spoofing. The vulnerability arises from inadequate validation of IP addresses and reliance on user-supplied HTTP headers to determine the requester's IP. As a result, unauthenticated attackers can present an arbitrary source IP address and bypass IP-based restrictions, potentially allowing them to submit malicious forms undetected. Site administrators running Fluent Forms should take immediate action by updating to the latest version to safeguard against this threat.
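The following is an added illustration of the pattern the advisory describes and is not code from Fluent Forms or the page: a client-IP lookup that trusts client-controlled headers such as `X-Forwarded-For`, placed beside a hardened version that starts from the server-populated `REMOTE_ADDR` and consults the forwarded header only when the direct peer is a proxy the site operator has explicitly listed. The function names, the `$trusted_proxies` setting and the sample request are assumptions made for the example.

```php
<?php
// Added example (not Fluent Forms' own code). Assumes a $_SERVER-shaped array
// as populated by PHP under a web server; $trusted_proxies is a hypothetical
// site setting listing the reverse proxies that sit in front of the site.

/**
 * WEAK: trusts client-controlled headers. Any HTTP client can set
 * X-Forwarded-For or Client-IP, so the "client IP" is attacker-chosen and
 * any IP-based allow/deny check built on it can be bypassed.
 */
function weak_get_client_ip(array $server): string {
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR'] as $key) {
        if (!empty($server[$key])) {
            // First entry of a comma-separated X-Forwarded-For chain.
            return trim(explode(',', $server[$key])[0]);
        }
    }
    return '';
}

/**
 * HARDENED: start from REMOTE_ADDR, which the web server fills in from the
 * TCP connection rather than from anything the client sends. Only when the
 * direct peer is a trusted proxy do we look at X-Forwarded-For, and then we
 * walk the chain from the right, skipping hops we trust and stopping at the
 * first one we do not (the address that a trusted proxy actually saw).
 */
function hardened_get_client_ip(array $server, array $trusted_proxies): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return ''; // Caller should treat an empty result as "deny".
    }
    if (!in_array($remote, $trusted_proxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote; // No trusted proxy in front of us: the header is untrusted input.
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        $hop = $hops[$i];
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // Malformed chain: fall back to the connection address.
        }
        if (!in_array($hop, $trusted_proxies, true)) {
            return $hop;
        }
    }
    return $remote; // Every hop was a trusted proxy; use the direct peer.
}

// Constructed request: the direct peer 203.0.113.9 is not a proxy, yet the
// request carries a forged X-Forwarded-For header.
$request = [
    'REMOTE_ADDR'          => '203.0.113.9',
    'HTTP_X_FORWARDED_FOR' => '192.0.2.50',   // client-supplied, untrusted
];
$trusted_proxies = ['198.51.100.1'];          // hypothetical reverse-proxy address

echo "weak:     ", weak_get_client_ip($request), "\n";
echo "hardened: ", hardened_get_client_ip($request, $trusted_proxies), "\n";
```

With the constructed request, the weak function reports the forged header value while the hardened one reports the address of the actual TCP peer, which is the value any IP-based restriction should be evaluated against. The trusted-proxy list is the key design choice: without it, a forwarded header carries no more authority than any other request header, and a plugin that is deployed behind no proxy at all should simply use `REMOTE_ADDR`.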

Affected Version(s)

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder: <= 5.2.12

References

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Khayal Farzaliyev
The Cyber Security Vulnerability Database.