PT-2024-26700 · Wpdevart · Contact Widget+1

Joshua Chan

Published

2024-06-10

Updated

2024-06-12

CVE-2024-35747

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions wpdevart Contact Form Builder, Contact Widget versions 2.1.7 and earlier

Description The issue is related to an Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget, allowing Functionality Bypass.

Recommendations For versions 2.1.7 and earlier, update to a version later than 2.1.7 to resolve the issue. As a temporary workaround, consider restricting access to the authentication functionality in the Contact Form Builder, Contact Widget until a patch is available.

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

CVE-2024-35747

Affected Products

Contact Widget

Wpdevart Contact Form Builder

PT-2024-26700 · Wpdevart · Contact Widget+1

CVE-2024-35747

Weakness Enumeration

Related Identifiers

Affected Products

References · 6