CVE-2024-1778

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 23, 2024

Summary

CVE-2024-1778 is a vulnerability affecting the Contact Form 7 plugin for WordPress. The issue lies within the admin side data storage, where a missing capability check exists on the zt_dcfcf_change_bookmark() function. This oversight allows unauthenticated attackers to manipulate bookmark statuses, making it an unauthorized data modification vulnerability. Versions of Contact Form 7 up to and including 1.1.1 are susceptible to this weakness.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/unaSOt
https://www.cve.org/CVERecord?id=CVE-2024-1778
https://nvd.nist.gov/vuln/detail/CVE-2024-1778

Back to Vulnerability Database

CVE-2024-1778

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations