CVE-2024-1170

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion

Severity Score

8.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.

El complemento Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) para WordPress es vulnerable a la eliminación no autorizada de archivos multimedia debido a una falta de verificación de capacidad en la función handle_deleted_media en todas las versiones hasta e incluyendo , 2.8.7. Esto hace posible que atacantes no autenticados eliminen archivos multimedia arbitrarios.

*Credits: Lucio Sá

CVSS Scores

Wordfencev3.1 8.2

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-01 CVE Reserved
2024-03-06 CVE Published
2024-03-08 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-862: Missing Authorization

CAPEC

References (3)

URL	Tag	Source
https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1493
https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7
https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Svenl77 Search vendor "Svenl77"		Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions (UGC) Search vendor "Svenl77" for product "Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions (UGC)"				<= 2.8.7 Search vendor "Svenl77" for product "Post Form – Registration Form – Profile Form For User Profiles – Frontend Content Forms For User Submissions (UGC)" and version " <= 2.8.7"		en		Affected