PT-2024-12479 · Unknown · Constant Contact Forms
István Márton · Published 2024-12-13 · Updated 2024-12-16 · CVE-2023-34387
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Constant Contact Forms versions 1.14.0 through 2.0.3
Constant Contact Forms versions prior to the latest version
Description
Constant Contact Forms contains a Missing Authorization vulnerability that allows exploitation of incorrectly configured access control security levels. It is a broken access control issue caused by missing authorization.
Recommendations
For Constant Contact Forms versions 1.14.0 through 2.0.3, update to the latest version to secure your site.
For versions prior to the latest version, update to the latest version of the plugin to protect your site.
Fix
Missing Authorization
Affected Products
Constant Contact Forms