CVE-2024-7291

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 3, 2024

Updated: Aug 5, 2024

CWE ID 269

Summary

CVE-2024-7291 is a privilege escalation vulnerability affecting the JetFormBuilder plugin for WordPress. Versions up to and including 3.3.4.1 are vulnerable. The issue arises from insufficient restrictions on user meta fields, allowing authenticated attackers with administrator-level permissions or higher to register as super-admins on multi-site configurations. This can lead to serious security implications for affected websites. Users are advised to update the JetFormBuilder plugin to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xWB5qA
https://www.cve.org/CVERecord?id=CVE-2024-7291
https://nvd.nist.gov/vuln/detail/CVE-2024-7291

Back to Vulnerability Database

CVE-2024-7291

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations