Lucene search

PatchstackCVE-2024-32512

HistoryMay 17, 2024 - 9:15 a.m.

CVE-2024-32512

2024-05-1709:15:37

CWE-602

Patchstack

web.nvd.nist.gov

cve-2024-32512

client-side enforcement

server-side security

weforms

removing important client functionality

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20.

Affected configurations

Vulners

Vulnrichment

Node

weformsweformsRange≤1.6.20wordpress

VendorProductVersionCPE
weformsweforms*cpe:2.3:a:weforms:weforms:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
weforms	weforms	*	cpe:2.3:a:weforms:weforms::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "weforms",
    "product": "weForms",
    "vendor": "weForms",
    "versions": [
      {
        "changes": [
          {
            "at": "1.6.21",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.6.20",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/weforms/wordpress-weforms-plugin-1-6-20-form-submission-restriction-bypass-vulnerability?_s_id=cve

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-32512