Vulnerabilities > CVE-2024-12184 - Missing Authorization vulnerability in Cimatti Wordpress Contact Forms

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
cimatti
CWE-862
NVD
Published: 2025-02-01
Updated: 2025-02-24

Summary

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to download other user submitted forms.

Vulnerable Configurations

Part Description Count
Application
Cimatti
49

Common Weakness Enumeration (CWE)

References