CVE-2024-2782

CVSS 3.1 Score 7.4 of 10 (high)

Details

Published May 18, 2024

Updated: May 20, 2024

CWE ID 277

Summary

CVE-2024-2782 is a vulnerability affecting the Contact Form Plugin by Fluent Forms used in Quiz, Survey, and Drag & Drop WP Form Builder for WordPress. The flaw, present in all versions up to 5.1.16, permits unauthenticated attackers to modify the plugin's settings through the /wp-json/fluentform/v1/global-settings REST API endpoint due to a missing capability check. This opens the door to unauthorized alterations, potentially leading to security breaches or functionality disruptions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uqYCV-
https://www.cve.org/CVERecord?id=CVE-2024-2782
https://nvd.nist.gov/vuln/detail/CVE-2024-2782

Back to Vulnerability Database

CVE-2024-2782

CVSS 3.1 Score 7.4 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations