CVE-2024-0667

Summary

CVE-2024-0667 is a Cross-Site Request Forgery vulnerability affecting the Form Maker plugin by 10Web for WordPress. Versions up to 1.15.21 are vulnerable. The issue stems from inadequate nonce validation on the 'execute' function, enabling unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class if they successfully trick a site administrator into taking a specified action, such as clicking a malicious link. This vulnerability could potentially lead to serious security consequences if exploited. It is strongly recommended that users upgrade to the latest version of the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.