CVSS 3.1 Score 5.3 of 10 (medium)


Published Feb 29, 2024


CVE-2024-1130 is a vulnerability found in the NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress. This vulnerability exists in all versions up to and including 8.5.6. The issue arises from a missing capability check on the set_read() function, allowing authenticated attackers with subscriber-level access or higher to mark records as read. The risk score for this vulnerability is 26, indicating a medium level of severity. The exploitability score is 3.9 out of 10, suggesting a moderate possibility of exploitation. It is categorized as a network-based attack vector with low integrity impact and no confidentiality impact. Remediation for this vulnerability has not been specified in the provided information.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1130 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options