5.3

CVE-2024-6626

EPSS 0.71%
Veröffentlicht 06.11.2024 07:15:04
Zuletzt bearbeitet 08.11.2024 21:18:44
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions.

Mögliche Gegenmaßnahme

EleForms – All In One Form Integration including DB for Elementor: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt EleForms – All In One Form Integration including DB for Elementor

Version *-2.9.9.9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Theinnovs ≫ Eleforms SwPlatformwordpress Version <= 2.9.9.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.71%	0.717

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://plugins.trac.wordpress.org/browser/all-contact-form-integration-for-elementor/trunk/includes/export_csv.php#L20

Product

https://plugins.trac.wordpress.org/browser/all-contact-form-integration-for-elementor/trunk/includes/wp-ajax.php#L147

Product

https://plugins.trac.wordpress.org/browser/all-contact-form-integration-for-elementor/trunk/includes/wp-ajax.php#L7

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/eccea504-b8b9-46d3-b9fd-ae893528e521?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/eccea504-b8b9-46d3-b9fd-ae893528e521

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-6626

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6626

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6626

EUVD