WordPress Plugin Vulnerabilities

Happyforms < 1.25.11 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check, allowing unauthenticated attackers to perform unauthorized actions.

Affects Plugins

Plugin icon
happyforms
Fixed in 1.25.11

References

CVE
CVE-2024-23521
URL
https://patchstack.com/database/vulnerability/happyforms/wordpress-happyforms-plugin-1-25-10-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
45d4f1c2-148c-4803-ba3f-71a7f196f8bd

Timeline

Publicly Published
2024-01-31 (about 2 years ago)
Added
2024-02-05 (about 2 years ago)
Last Updated
2024-02-22 (about 2 years ago)

Other

Published
Title
Published
2024-08-27
Title
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free < 3.7.4.1 - Missing Authorization to Unauthenticated Arbitrary Media Upload
Published
2026-03-01
Title
Precious Metals Automated Product Pricing – Pro <= 4.0.5 - Missing Authorization
Published
2023-11-13
Title
AWeber < 7.3.10 - Missing Authorization via AJAX actions
Published
2025-02-19
Title
LTL Freight Quotes – GlobalTranz Edition < 2.3.13 - Missing Authorization to Unauthenticated Settings Update
Published
2025-07-17
Title
Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion