CVE-2024-10717

Name of the Vulnerable Software and Affected Versions The Styler for Ninja Forms plugin for WordPress versions up to, and including, 3.3.4

Description The issue allows unauthorized modification of data, potentially leading to a denial of service, due to a missing capability check on the deactivate license function. This enables authenticated attackers with Subscriber-level access and above to delete arbitrary option values on the WordPress site, which can be leveraged to create an error and deny service to legitimate users. Additionally, this issue can be used to add arbitrary options with an empty value.

Recommendations For versions up to, and including, 3.3.4, update to a version that includes a fix for this issue to prevent unauthorized modification of data and potential denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.