CVE-2024-5857

NVD Published Date: August 29, 2024 at 11:15 AM
NVD Last Modified: August 29, 2024 at 01:25 PM
Vulnerability ID: CVE-2024-5857
Severity: MEDIUM
Severity Score: 5.3
Summary: The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2_handel_file_remove AJAX action in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to delete arbitrary media files.
Mitigation and Patches: -
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE ID: CWE-862
