CVE-2024-1217 | kaliforms Contact Form Builder with Drag & Drop Plugin up to 2.3.41 on WordPress Deactivation await_plugin_deactivation authorization

Inserito da Angelo Barbosa | Feb 21, 2024 | CVE

A vulnerability classified as critical has been found in kaliforms Contact Form Builder with Drag & Drop Plugin up to 2.3.41 on WordPress. Affected is the function await_plugin_deactivation of the component Deactivation Handler. The manipulation leads to missing authorization.

This vulnerability is traded as CVE-2024-1217. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-1217 | kaliforms Contact Form Builder with Drag & Drop Plugin up to 2.3.41 on WordPress Deactivation await_plugin_deactivation authorization

Post correlati

CVE-2024-35388 | Totolink NR1800X 9.1.0u.6681_B20230703 urldecode password stack-based overflow

CVE-2024-8072 | Mage AI Terminal Server Command History information disclosure (jfsa-2024-0010)

CVE-2024-6132 | Pexels Plugin up to 1.2.2 on WordPress unrestricted upload

CVE-2024-24335 | RT-Thread up to 5.0.2 dfs_v2 heap-based overflow (Issue 8271)