Vulnerabilities > CVE-2024-1170 - Unspecified vulnerability in Themekraft Post Form

047910
CVSS 8.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
LOW
network
low complexity
themekraft
NVD
Published: 2024-03-07
Updated: 2025-01-21

Summary

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.

Vulnerable Configurations

Part Description Count
Application
Themekraft
1

References