WordPress Plugin Vulnerabilities

RomethemeForm For Elementor < 1.1.3 - Missing Authorization

Description

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to modify forms.

Affects Plugins

Plugin icon
romethemeform
Fixed in 1.1.3

References

CVE
CVE-2024-32727
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0d6adf41-6cb1-4c11-940d-fabc9298f3af

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
adf542c5-1ff2-45d5-ac9e-897ae6b5d9e1

Timeline

Publicly Published
2024-04-22 (about 2 years ago)
Added
2024-04-29 (about 2 years ago)
Last Updated
2024-04-29 (about 2 years ago)

Other

Published
Title
Published
2023-06-26
Title
AutomateWoo < 5.7.6 - Missing Authorization
Published
2025-03-14
Title
Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection
Published
2024-08-07
Title
Easy Digital Downloads < 3.3.1 - Missing Authorization
Published
2025-06-05
Title
GPP Slideshow <= 1.3.5 - Missing Authorization
Published
2025-05-07
Title
LocateAndFilter < 1.6.17 - Missing Authorization