- Description: The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to refund payments and cancel subscriptions.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 8.5
- Impact score: 4.7
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N
- Severity: HIGH
- security@wordfence.com
- CWE-862
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Serious vulnerability (CVE-2024-11205) in WPForms, a popular WordPress plugin https://t.co/keR8vp3bYC
@01Programing
11 Dec 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. Tracked under CVE-2024-11205, the flaw was categorized as high-severity. https://t.co/YUyr52l4BO https:/
@riskigy
10 Dec 2024
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WordPress WPForms flaw CVE-2024-11205 #Wordpress #WPForms #CVE-2024-11205 https://t.co/3vcSv1aEZf
@pravin_karthik
10 Dec 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11205: Missing Authorization in WPForms Plugin, 8.5 rating❗️ Vuln affecting several functions allows attackers to return payments made through the Stripe system. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/6J4iMVEF0Y #cybersecurity #vulnerabilty_map https
@Netlas_io
10 Dec 2024
407 Impressions
2 Retweets
10 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2024-11205 WPForms Plugin Vulnerability Allows Unauthorized Data Mod... https://t.co/pQuVlU1cax Don't wait for vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
10 Dec 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-11205: HIGH] WordPress WPForms plugin 1.8.4 to 1.9.2.1 is at risk! A missing capability check allows unauthorized data modification. Attackers with Subscriber-level access can cancel subscriptions or re...#cybersecurity,#vulnerability https://t.co/PpIfjldffb https://t.c
@CveFindCom
10 Dec 2024
86 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
Some vulnerabilities really amaze me #bolhasec Look at the case of CVE-2024-11205 (CVSS 8.5) in the WPForms plugin. The is_admin function doesn't check whether the user is an admin 🤡😢 https://t.co/y3Jaf94Wfj
@sushicomabacate
9 Dec 2024
3299 Impressions
4 Retweets
75 Likes
3 Bookmarks
8 Replies
2 Quotes