CVE-2024-1645

Name of the Vulnerable Software and Affected Versions Mollie Forms plugin for WordPress versions up to, and including, 2.6.3

Description The issue is related to unauthorized access of data due to a missing capability check on the exportRegistrations function. This allows authenticated attackers with subscriber access or higher to export payment data collected by the plugin.

Recommendations For versions up to, and including, 2.6.3, update to a version higher than 2.6.3 to resolve the issue. As a temporary workaround, consider disabling the exportRegistrations function until a patch is available. Restrict access to the plugin's export functionality to minimize the risk of exploitation.