Vulnerabilities > CVE-2024-1129 - Missing Authorization vulnerability in Basixonline Nex-Forms

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
basixonline
CWE-862
NVD
Published: 2024-02-29
Updated: 2025-01-15

Summary

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred.

Vulnerable Configurations

Part Description Count
Application
Basixonline
121

Common Weakness Enumeration (CWE)

References