Missing Authorization vulnerability in weForms
CVE-2024-30512

9.1CRITICAL

Key Information:

Vendor: WordPress
Status: Weforms
Vendor: CVE Published:; 9 June 2024

What is CVE-2024-30512?

A missing authorization vulnerability in weForms allows unauthorized users to access sensitive functionalities and data. This issue spans weForms versions up to 1.6.20, compromising the security framework necessary for user verification and access control. It suggests that without proper measures, unauthorized access could lead to potential data breaches. Immediate updates and security practices are crucial to safeguarding systems utilizing this plugin.

Affected Version(s)

weForms <= 1.6.20

References

https://patchstack.com/database/vulnerability/weforms/wor...

vdb-entry

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2024
Vulnerability Reserved
Mar 27, 2024

Credit

Kyle Sanchez (Patchstack Alliance)

WordPress

What is CVE-2024-30512?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit