WordPress Plugin Vulnerabilities

CubeWP Forms <= 1.1.10 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
cubewp-forms
No known fix

References

CVE
CVE-2024-51651
URL
https://patchstack.com/database/wordpress/plugin/cubewp-forms/vulnerability/wordpress-cubewp-forms-plugin-1-1-5-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
hunter85
Verified
No
WPVDB ID
21988e31-200a-4043-ae34-a82a77986c75

Timeline

Publicly Published
2025-01-06 (about 1 year ago)
Added
2025-01-15 (about 1 year ago)
Last Updated
2026-01-14 (about 3 months ago)

Other

Published
Title
Published
2026-04-29
Title
Paymattic – Secure, Simple Payment & Donation with Subscription Payments, Recurring Donations, Customer Management < 4.6.20 - Missing Authorization
Published
2024-12-11
Title
Snippet Shortcodes < 4.1.7 - Authenticated (Subscriber+) Shortcode Deletion
Published
2025-07-03
Title
EventON <= 4.9.9 - Missing Authorization
Published
2025-11-29
Title
Notification for Telegram < 3.5.2 - Missing Authorization
Published
2024-07-22
Title
Custom Query Blocks < 5.3.0 - Missing Authorization via REST Routes