Missing Authorization Flaw in WP SecureSubmit Plugin by WordPress
CVE-2024-56270

5.3MEDIUM

Key Information:

Vendor

WordPress
Status
WP Securesubmit
Vendor
CVE Published:
7 January 2025

What is CVE-2024-56270?

The WP SecureSubmit plugin has a vulnerability that allows unauthorized users to potentially access sensitive data. This flaw arises from insufficient authorization checks within the plugin, affecting all versions from n/a to 1.5.16. By exploiting this vulnerability, an attacker could gain unauthorized access to sensitive user information, posing significant risks to data privacy and security.

Affected Version(s)

WP SecureSubmit 0 <= 1.5.20

References

https://patchstack.com/database/Wordpress/Plugin/securesu...
vdb-entry

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.