CVE-2024-2112

CWE-287 — Improper Authentication4 documents4 sources

Severity

7.5HIGH

EPSS

1.0%

top 23.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

10web Form Maker 10web Form Maker BY 10web – Mobile-friendly Drag & Drop Contact Form Builder

Timeline

PublishedApr 9

Description

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV510web/form_maker_by_10web_–_mobile-friendly_drag_&_drop_contact_form_builder1.15.22

▶NVD10web/form_maker< 1.15.23

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-fr6q-c249-g62p: The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all↗2024-04-09

▶

CVEList

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure↗2024-04-09

▶

💥Exploits & PoCs

Nuclei

TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection

▶