Search criteria
1 vulnerability by Porthas Inc.
CVE-2024-56002 (GCVE-0-2024-56002)
Vulnerability from cvelistv5 – Published: 2024-12-31 13:50 – Updated: 2024-12-31 16:08
VLAI?
Title
WordPress Contact Form, Survey & Form Builder – MightyForms plugin <= 1.3.9 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Porthas Inc. Contact Form, Survey & Form Builder – MightyForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form, Survey & Form Builder – MightyForms: from n/a through 1.3.9.
Severity ?
6.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Porthas Inc. | Contact Form, Survey & Form Builder – MightyForms |
Affected:
n/a , ≤ 1.3.9
(custom)
|
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T16:08:03.204869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T16:08:15.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "mightyforms",
"product": "Contact Form, Survey \u0026 Form Builder \u2013 MightyForms",
"vendor": "Porthas Inc.",
"versions": [
{
"changes": [
{
"at": "1.3.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.9",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Porthas Inc. Contact Form, Survey \u0026amp; Form Builder \u2013 MightyForms allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Contact Form, Survey \u0026amp; Form Builder \u2013 MightyForms: from n/a through 1.3.9.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Porthas Inc. Contact Form, Survey \u0026 Form Builder \u2013 MightyForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form, Survey \u0026 Form Builder \u2013 MightyForms: from n/a through 1.3.9."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T13:50:18.452Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/mightyforms/vulnerability/wordpress-contact-form-survey-form-builder-mightyforms-plugin-1-3-9-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;1.3.10 or a higher version."
}
],
"value": "Update to\u00a01.3.10 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Contact Form, Survey \u0026 Form Builder \u2013 MightyForms plugin \u003c= 1.3.9 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-56002",
"datePublished": "2024-12-31T13:50:18.452Z",
"dateReserved": "2024-12-14T19:42:27.167Z",
"dateUpdated": "2024-12-31T16:08:15.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}