CVE-2024-1400

The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages.

CVSS

No CVSS.

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3046896/mollie-forms/trunk/classes/Admin.php	Patch
https://plugins.trac.wordpress.org/changeset/3046896/mollie-forms/trunk/classes/Admin.php	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=cve	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wobbie:mollie_forms:*:*:*:*:*:wordpress:*:*

History

05 Feb 2025, 20:56

Type	Values Removed	Values Added
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=cve - Third Party Advisory
References	~~() https://plugins.trac.wordpress.org/changeset/3046896/mollie-forms/trunk/classes/Admin.php -~~	() https://plugins.trac.wordpress.org/changeset/3046896/mollie-forms/trunk/classes/Admin.php - Patch
CWE		NVD-CWE-noinfo
First Time		Wobbie Wobbie mollie Forms
CPE		cpe:2.3:a:wobbie:mollie_forms::::::wordpress::*

11 Mar 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-11 22:15

Updated : 2025-02-05 20:56

NVD link : CVE-2024-1400

Mitre link : CVE-2024-1400

JSON object : View

Products Affected

wobbie

mollie_forms

CWE

NVD-CWE-noinfo

JSON object

Attach tags to CVE-2024-1400

Attach tags to `CVE-2024-1400`