CVE-2024-0370

CVSS 3.1 Score 4.3 of 10 (medium)

Attack Complexity low
Integrity low
Privileges Required low
Confidentiality none
Availability none
Scope unchanged

Details

Published Feb 5, 2024
Updated: Feb 9, 2024
CWE ID 862

Summary

CVE-2024-0370 is a vulnerability affecting the Views for WPForms plugin used in WordPress sites. The issue stems from a missing capability check within the 'save_view' function, which is present up to version 3.2.2. As a result, authenticated attackers with subscriber access or higher can manipulate the titles of arbitrary posts on the site, leading to potential data integrity issues. This vulnerability underlines the importance of maintaining updated plugins to ensure cybersecurity.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share