CVE-2024-2797

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2797
The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to allow lower level users to modify forms.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/browser/official-mailerlite-sign-up-forms/trunk/src/Admin/Actions.php#L41
https://plugins.trac.wordpress.org/changeset/3070584/official-mailerlite-sign-up-forms/trunk?contextall=1&old=3045803&old_path=%2Fofficial-mailerlite-sign-up-forms%2Ftrunk
https://www.wordfence.com/threat-intel/vulnerabilities/id/a03b4c19-85fa-47ad-b9ae-b466f8e5ca96?source=cve
https://plugins.trac.wordpress.org/browser/official-mailerlite-sign-up-forms/trunk/src/Admin/Actions.php#L41
https://plugins.trac.wordpress.org/changeset/3070584/official-mailerlite-sign-up-forms/trunk?contextall=1&old=3045803&old_path=%2Fofficial-mailerlite-sign-up-forms%2Ftrunk
https://www.wordfence.com/threat-intel/vulnerabilities/id/a03b4c19-85fa-47ad-b9ae-b466f8e5ca96?source=cve
Configurations

No configuration.

History

08 Apr 2026, 18:21

Type Values Removed Values Added
CWE CWE-862

21 Nov 2024, 09:10

Type Values Removed Values Added
Summary
  • (es) El complemento MailerLite – Signup forms (official) para WordPress es vulnerable a cambios no autorizados en la configuración del complemento debido a una falta de verificación de capacidad en las funciones toggleRolesAndPermissions y editAllowedRolesAndPermissions en todas las versiones hasta la 1.7.6 incluida. Esto hace posible que atacantes no autenticados permitan a usuarios de niveles inferiores modificar formularios.
References () https://plugins.trac.wordpress.org/browser/official-mailerlite-sign-up-forms/trunk/src/Admin/Actions.php#L41 - () https://plugins.trac.wordpress.org/browser/official-mailerlite-sign-up-forms/trunk/src/Admin/Actions.php#L41 -
References () https://plugins.trac.wordpress.org/changeset/3070584/official-mailerlite-sign-up-forms/trunk?contextall=1&old=3045803&old_path=%2Fofficial-mailerlite-sign-up-forms%2Ftrunk - () https://plugins.trac.wordpress.org/changeset/3070584/official-mailerlite-sign-up-forms/trunk?contextall=1&old=3045803&old_path=%2Fofficial-mailerlite-sign-up-forms%2Ftrunk -
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/a03b4c19-85fa-47ad-b9ae-b466f8e5ca96?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/a03b4c19-85fa-47ad-b9ae-b466f8e5ca96?source=cve -

02 May 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-02 17:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-2797

Mitre link : CVE-2024-2797

CVE.ORG link : CVE-2024-2797

JSON object : View

Products Affected

No product.

CWE
CWE-862

Missing Authorization