CVE-2024-32727

WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability

CVSS 5.3 MEDIUM | EPSS 0.3% | CWE-862
In short

The WordPress RomethemeForm For Elementor plugin version 1.1.2 and earlier is missing proper authorization checks, allowing users to perform actions they shouldn't be able to do. This could let attackers access or modify form data that should be restricted.

Technical detail

The plugin fails to implement proper authorization controls (CWE-862), allowing unauthenticated or low-privileged users to access protected functionalities. The vulnerability affects versions up to 1.1.2 and permits unauthorized action execution against restricted resources without proper capability verification.

Summary generated and translated by AI from the official description.
Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor. This issue affects RomethemeForm For Elementor: from n/a through 1.1.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
