Unauthorized Modification of Data Vulnerability in Fluent Forms Plugin
CVE-2024-2782

7.5HIGH

Key Information:

Vendor

Wordpress
Status
Contact Form Plugin By Fluent Forms For Quiz, Survey, And Drag & Drop WP Form Builder
Vendor
CVE Published:
18 May 2024

What is CVE-2024-2782?

The Contact Form Plugin by Fluent Forms for WordPress contains a significant vulnerability that permits unauthorized alteration of settings. This issue arises from a lack of capability checks on the /wp-json/fluentform/v1/global-settings REST API endpoint, impacting all versions up to and including 5.1.16. As a result, unauthenticated attackers can modify critical settings of the plugin, posing potential risks to website functionality and security. Website owners utilizing the Fluent Forms Plugin should prioritize immediate updates to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder * <= 5.1.16

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset/3088078/flue...

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tobias WeiĂźhaar
JSON
.