CVE-2024-1218
Last modified
CVE-2024-1218 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kaliforms | Contact Form Builder | < 2.3.41 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-1218?
How severe is CVE-2024-1218?
How do I fix CVE-2024-1218?
Are you affected by CVE-2024-1218?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST