// For flags

CVE-2024-35747

WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7.

Vulnerabilidad de restricción inadecuada de intentos de autenticación excesivos en wpdevart Contact Form Builder, Contact Widget permite omitir la funcionalidad. Este problema afecta a Contact Form Builder, Contact Widget: desde n/a hasta 2.1.7.

The Contact Form Builder, Contact Widget plugin for WordPress is vulnerable to protection bypass in all versions up to, and including, 2.1.7. This is due to the plugin not properly restricting authentication attempts. This makes it possible for unauthenticated attackers to perform an unauthorized action.

*Credits: Joshua Chan (Patchstack Alliance)
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-17 CVE Reserved
  • 2024-06-06 CVE Published
  • 2024-06-13 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
  • CAPEC-554: Functionality Bypass
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Contact Form Builder Project
Search vendor "Contact Form Builder Project"
Contact Form Builder
Search vendor "Contact Form Builder Project" for product "Contact Form Builder"
<= 2.1.7
Search vendor "Contact Form Builder Project" for product "Contact Form Builder" and version " <= 2.1.7"
wordpress
Affected