CVE-2024-5053
CVSS 3.1 Score 4.2 of 10 (medium)
Details
Summary
CVE-2024-5053 identifies a vulnerability in the Fluent Forms Contact Form Plugin for WordPress affecting all versions up to and including 5.1.18. An insufficient capability check in the verifyRequest function allows authenticated users who have been granted the plugin's Form Manager permission, including accounts with only Subscriber-level WordPress access, to modify the Mailchimp API key. Because the plugin also fails to validate the Mailchimp API key properly, an attacker-supplied key can redirect the plugin's Mailchimp integration requests to an attacker-controlled server, exposing submitted form data to exfiltration or manipulation. The impact is unauthorized control over the Mailchimp integration and loss of confidentiality and integrity of the data it handles. To remediate, update the plugin to the latest version, which addresses both issues.
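As an added illustration (this is not the Fluent Forms code and not part of the advisory), the following PHP contrasts a settings handler that only confirms the caller is a logged-in user carrying the plugin's manager marker with one that requires a real WordPress capability, and adds a validator for the Mailchimp key format. Mailchimp keys are documented as 32 hex characters, a dash, and a data-center label (for example us21) that selects the API host; that the plugin derives the host from the suffix is an assumption about the integration, as are all function and option names below, and the inputs are constructed.

```php
<?php
// Added example, not the plugin's code. Function and option names are hypothetical.
// Requires WordPress to be loaded (check_ajax_referer, current_user_can, etc.).

// --- Weak authorization: a nonce plus "is logged in and flagged as a form
// manager" passes, so a Subscriber-level account holding that flag gets through.
function ff_example_verify_request_weak(): bool {
    // A nonce only proves the request came from this site's own UI; it says
    // nothing about what the caller is allowed to change.
    check_ajax_referer('ff_example_settings', '_nonce');
    return is_user_logged_in()
        && get_user_meta(get_current_user_id(), 'ff_example_form_manager', true) === '1';
}

// --- Hardened authorization: changing integration secrets requires a capability
// that ordinary roles do not hold (manage_options is held by administrators).
function ff_example_verify_request(string $capability = 'manage_options'): bool {
    check_ajax_referer('ff_example_settings', '_nonce');
    if (!current_user_can($capability)) {
        wp_send_json_error(['message' => 'Insufficient permissions'], 403);
        return false; // unreachable in WordPress (wp_send_json_error exits); kept for clarity
    }
    return true;
}

// --- Key validation. Returns the data-center label on success, null otherwise.
function ff_example_validate_mailchimp_key(string $key): ?string {
    if (!preg_match('/^[a-f0-9]{32}-([a-z]{2}\d{1,2})$/', $key, $m)) {
        return null;
    }
    return $m[1];
}

// Unsafe host construction (assumed pattern): whatever follows the last dash
// becomes the start of the URL, so "...-attacker.example/?x=" sends requests
// to attacker.example with the real Mailchimp host demoted to a query string.
function ff_example_api_base_unsafe(string $key): string {
    $dc = substr($key, strrpos($key, '-') + 1);
    return "https://{$dc}.api.mailchimp.com/3.0/";
}

// Safe host construction: only a validated data-center label reaches the URL.
function ff_example_api_base(string $key): ?string {
    $dc = ff_example_validate_mailchimp_key($key);
    return $dc === null ? null : "https://{$dc}.api.mailchimp.com/3.0/";
}

// Settings handler that applies both fixes before persisting the key.
function ff_example_save_mailchimp_key(): void {
    if (!ff_example_verify_request()) {
        return;
    }
    $key = sanitize_text_field(wp_unslash($_POST['api_key'] ?? ''));
    if (ff_example_validate_mailchimp_key($key) === null) {
        wp_send_json_error(['message' => 'Malformed Mailchimp API key'], 400);
        return;
    }
    update_option('ff_example_mailchimp_api_key', $key, false);
    wp_send_json_success(['api_base' => ff_example_api_base($key)]);
}
add_action('wp_ajax_ff_example_save_mailchimp_key', 'ff_example_save_mailchimp_key');

// Constructed inputs for manual comparison of the two URL builders:
$good_key = str_repeat('a', 32) . '-us21';
$bad_key  = str_repeat('a', 32) . '-attacker.example/?x=';
```

Fed the constructed bad key, the unsafe builder produces a URL whose host is attacker.example, while the validating builder returns null and the handler refuses to store the key. The capability name is a choice: a plugin that intentionally delegates form management to a lower role should register its own capability for integration settings rather than reuse the role flag that gates form editing.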