Menu

Navigation

More options

Style variation

WPForms Plugin Vulnerability

Thread starter Shawn Gossman
Start date Dec 10, 2024
Tags

wordpress news wordpress plugin vulnerability wpforms

Shawn Gossman

Community Manager

Staff member

Community Manager

Community Moderator

Dec 10, 2024

#1

The vulnerability is due to a missing capability check in a function within the plugin called wpforms_is_admin_page, which means that the plugin doesn’t check for appropriate permissions of the user attempting to make a change with this function. That means that the plugin allows data to be modified by attackers lacking sufficient privileges.

Recommendations:

It’s recommended that users of versions WPForms plugin users from versions 1.8.4 up to an including 1.9.2.1 update their plugins.

Source: WPForms Plugin Vulnerability Affects Up To 6 Million Sites

You must log in or register to reply here.

Share:

Facebook X (Twitter) LinkedIn Reddit Pinterest Tumblr WhatsApp Email Link

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Top