The REST API route was originally protected using a generic permissions_check callback. This check did not properly restrict access to high-privilege users, potentially allowing unauthorized users to access sensitive endpoints.

This vulnerability affects the following application versions:

  • WPForms 1.8.8.2
  • WPForms 1.8.8.3
  • WPForms 1.8.9.1
  • WPForms 1.8.9.2
  • WPForms 1.8.9.4
  • WPForms 1.8.9.5
  • WPForms 1.8.9.6
  • WPForms 1.9.0.1
  • WPForms 1.9.0.2
  • WPForms 1.9.0.3
  • WPForms 1.9.0.4
  • WPForms 1.9.1.1
  • WPForms 1.9.1.2
  • WPForms 1.9.1.3
  • WPForms 1.9.1.4
  • WPForms 1.9.1.5
  • WPForms 1.9.1.6
  • WPForms 1.9.2.1
  • WPForms 1.9.2.2

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *