CVE-2024-2043

Name of the Vulnerable Software and Affected Versions EleForms – All In One Form Integration including DB for Elementor plugin for WordPress versions up to, and including, 2.9.9.7

Description The issue allows unauthorized access to data due to a missing capability check when downloading form submissions. This makes it possible for unauthenticated attackers to view form submissions.

Recommendations For versions up to, and including, 2.9.9.7, update the plugin to a version higher than 2.9.9.7 to resolve the issue. As a temporary workaround, consider restricting access to form submissions until a patch is available.