CVE-2024-35661 – WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2024-35661

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2. Vulnerabilidad de autorización faltante en SoftLab Upload Fields for WPForms. Este problema afecta los campos de carga para WPForms: desde n/a hasta 1.0.2. The Upload Fields for WPForms – Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/upload-fields-for-wpforms/wordpress-upload-fields-for-wpforms-plugin-1-0-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •