CVE-2024-35747
WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7.
The Contact Form Builder, Contact Widget plugin for WordPress is vulnerable to protection bypass in all versions up to, and including, 2.1.7. This is due to the plugin not properly restricting authentication attempts. This makes it possible for unauthenticated attackers to perform an unauthorized action.
SSVC
- Decision: Attend
Timeline
- 2024-05-17 CVE Reserved
- 2024-06-06 CVE Published
- 2024-06-13 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
- CAPEC-554: Functionality Bypass
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Contact Form Builder Project | Contact Form Builder | <= 2.1.7 | wordpress | Affected