WP-Safety
CVE-2024-34826

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.6.4 - Missing Authorization via Several AJAX Action

mediumMissing Authorization
5.4
CVSS Score
5.4
CVSS Score
medium
Severity
1.6.5
Patched in
7d
Time to patch

Description

The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Low
Confidentiality
Low
Integrity
None
Availability

Technical Details

Affected versions<=1.6.4
PublishedMay 9, 2024
Last updatedMay 15, 2024
Affected plugincf7-styler
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/a39679a6-21f1-41e2-aaf8-23f03b79ef33?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database