Missing Authorization Vulnerability in Repute Info Systems ARForms Plugin
CVE-2024-54217

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Arforms
Vendor: CVE Published:; 9 December 2024

What is CVE-2024-54217?

The ARForms plugin developed by Repute Info Systems is affected by a missing authorization vulnerability that allows unauthorized users to alter plugin settings. This could lead to unauthorized changes in subscriber information or configurations of forms used within WordPress environments. The vulnerability impacts all versions of ARForms up to and including 6.4.1, highlighting the urgent need for users to apply security patches and updates to ensure the integrity of their sites and the confidentiality of their data.

Affected Version(s)

ARForms 0 <= 6.4.1

References

https://patchstack.com/database/Wordpress/Plugin/arforms/...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024

CVE-2024-54217 Data

JSON