Overview
- Description
- The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to create new or edit existing forms, including updating the default registration role to Administrator on User Registration forms.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- security@wordfence.com
- CWE-862
Social media
- Hype score
- Not currently trending
CVE Alert: CVE-2024-10402 - https://t.co/7dnNp9ic6O #OSINT #ThreatIntel #CyberSecurity #cve_2024_10402
@RedPacketSec
27 Oct 2024
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10402 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up t... https://t.co/oQggXqtlm7
@VulmonFeeds
26 Oct 2024
76 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2024-10402: Forminator Forms Plugin up to 1.35.1 on WordPress vulnerable to missing authorization. Impact: Potential data exposure. Action: Update to latest patched version ASAP. #CyberSecurity #InfoSec
@oktsec
26 Oct 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10402 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on… https://t.co/i5EH0KgeAs
@CVEnew
26 Oct 2024
802 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes