CVE Published: 02/05/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: Wordfence |
Vendor: mailerlite |
Product: MailerLite – Signup forms (official) Status : PUBLISHED
CVE-2024-2797 Description
The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to allow lower level users to modify forms.
Metrics
CVSS Version: 3.1 |
Base Score: 5.3 MEDIUM Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N