Lucene search

PatchstackCVE-2024-35174

HistoryMay 17, 2024 - 11:15 a.m.

CVE-2024-35174

2024-05-1711:15:09

CWE-862

Patchstack

web.nvd.nist.gov

cve-2024-35174

flothemes

flo forms

missing authorization

vulnerability

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.

Affected configurations

Vulners

Vulnrichment

Node

flothemesflo_formsRange≤1.0.42wordpress

VendorProductVersionCPE
flothemesflo_forms*cpe:2.3:a:flothemes:flo_forms:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
flothemes	flo_forms	*	cpe:2.3:a:flothemes:flo_forms::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "flo-forms",
    "product": "Flo Forms",
    "vendor": "Flothemes",
    "versions": [
      {
        "lessThanOrEqual": "1.0.42",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/flo-forms/wordpress-flo-forms-plugin-1-0-42-broken-access-control-vulnerability?_s_id=cve

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-35174