Authorization Vulnerability in CRM Perks Forms
CVE-2024-37463

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Crm Perks Forms
Vendor: CVE Published:; 1 November 2024

Summary

The CRM Perks Forms product has a vulnerability that allows unauthorized access to certain functionalities due to improperly constrained access control lists (ACLs). This issue permits users to bypass security measures, potentially exposing sensitive operations and allowing unauthorized data manipulation. It affects all versions from n/a through 1.1.5, necessitating immediate attention and remediation.

Affected Version(s)

CRM Perks Forms <= 1.1.5

References

https://patchstack.com/database/vulnerability/crm-perks-f...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2024
Vulnerability Reserved
Jun 9, 2024

Credit

Manab Jyoti Dowarah (Patchstack Alliance)