CVE-2024-38748 – WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-38748

Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9. The EleForms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/all-contact-form-integration-for-elementor/wordpress-eleforms-plugin-2-9-9-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •