CVE-2024-0907

Name of the Vulnerable Software and Affected Versions NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to, and including, 8.5.6

Description The issue is related to unauthorized access due to a missing capability check on the restore records() function. This allows authenticated attackers with subscriber-level access and above to restore records.

Recommendations For versions up to, and including, 8.5.6, consider disabling the restore records() function until a patch is available to prevent unauthorized access. Restrict access to the restore records functionality to minimize the risk of exploitation.