Missing Authorization Vulnerability Affects ARForms Form Builder
CVE-2024-31270

7.6HIGH

Key Information:

Vendor: WordPress
Status: Arforms Form Builder
Vendor: CVE Published:; 8 May 2024

What is CVE-2024-31270?

A vulnerability exists in the ARForms Form Builder developed by Repute InfoSystems, characterized by missing authorization controls. This security flaw allows unauthorized users to potentially exploit functions that should be restricted, leading to unauthorized access to sensitive information. The affected versions include those from n/a through 1.6.1, highlighting the importance for all users to ensure they apply any necessary updates or patches to mitigate associated risks. Continuous monitoring and enforcement of access control measures are essential to maintain security integrity.

Affected Version(s)

ARForms Form Builder <= 1.6.1

References

https://patchstack.com/database/vulnerability/arforms-for...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

Yudistira Arya (Patchstack Alliance)