CVE-2024-1217 | kaliforms Contact Form Builder with Drag & Drop Plugin up to 2.3.41 on WordPress Deactivation await_plugin_deactivation authorization

Inserito da Angelo Barbosa | Feb 21, 2024 | CVE

A vulnerability classified as critical has been found in kaliforms Contact Form Builder with Drag & Drop Plugin up to 2.3.41 on WordPress. Affected is the function await_plugin_deactivation of the component Deactivation Handler. The manipulation leads to missing authorization.

This vulnerability is traded as CVE-2024-1217. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-1217 | kaliforms Contact Form Builder with Drag & Drop Plugin up to 2.3.41 on WordPress Deactivation await_plugin_deactivation authorization

Post correlati

CVE-2024-7552 | DataGear up to 5.0.0 Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection (IAF3H7)

CVE-2024-24785 | html-template up to 1.21.7/1.22.0 on Go MarshalJSON neutralization

CVE-2024-30135 | HCL DRYiCE AEX 10 Snapshot information disclosure (KB0114193)

CVE-2024-29857 | Bouncy Castle up to 1.77 F2m resource consumption