The Contact Form Plugin by Fluent... CVE-2024-2782

- AV AC AU C I A
发布: 2024-05-18
修订: 2025-02-06

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to modify all of the plugin's settings.

0%
暂无可用Exp或PoC
当前有1条受影响产品信息