7.5
CVE-2024-2112
- EPSS 0.7%
- Veröffentlicht 09.04.2024 19:15:28
- Zuletzt bearbeitet 08.04.2026 18:20:59
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginForm Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures.
Mögliche Gegenmaßnahme
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder: Update to version 1.15.23, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
10web ≫ Form Maker SwPlatformwordpress Version < 1.15.23
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Version
*-1.15.22
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.7% | 0.482 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://plugins.trac.wordpress.org/changeset?old_path=/form-maker/tags/1.15.22&old=3057012&new_path=/form-maker/tags/1.15.23&new=3057012&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/5652f9c3-3cc9-4541-8209-40117b4d25d9?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/5652f9c3-3cc9-4541-8209-40117b4d25d9