CVE-2024-2043

{"id": "CVE-2024-2043", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-05-02T17:15:15.187", "references": [{"url": "https://plugins.trac.wordpress.org/browser/all-contact-form-integration-for-elementor/trunk/includes/export_csv.php#L14", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3056456%40all-contact-form-integration-for-elementor%2Ftrunk&old=3021680%40all-contact-form-integration-for-elementor%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a40ed3c-1f4b-4bf7-b6f4-fc1e145cc989?source=cve", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/all-contact-form-integration-for-elementor/trunk/includes/export_csv.php#L14", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3056456%40all-contact-form-integration-for-elementor%2Ftrunk&old=3021680%40all-contact-form-integration-for-elementor%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a40ed3c-1f4b-4bf7-b6f4-fc1e145cc989?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The EleForms \u2013 All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated attackers to view form submissions."}, {"lang": "es", "value": "El complemento EleForms \u2013 All In One Form Integration including DB for Elementor para WordPress, es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad al descargar env\u00edos de formularios en todas las versiones hasta la 2.9.9.7 incluida. Esto hace posible que atacantes no autenticados vean los env\u00edos de formularios."}], "lastModified": "2025-03-21T16:15:07.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:theinnovs:eleforms:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "688BB3AC-45D1-455F-9A7D-6D7FE148E208", "versionEndExcluding": "2.9.9.8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}