CVE-2024-2112
First published: Tue Apr 09 2024(Updated: )
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10Web Form Maker | <=1.15.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-2112?
CVE-2024-2112 is classified as a Sensitive Information Exposure vulnerability.
How do I fix CVE-2024-2112?
To fix CVE-2024-2112, update the Form Maker plugin to version 1.15.23 or later.
Who is affected by CVE-2024-2112?
All users of the Form Maker by 10Web plugin up to and including version 1.15.22 are affected by CVE-2024-2112.
What data is exposed in CVE-2024-2112?
CVE-2024-2112 allows unauthenticated attackers to extract sensitive information via the signature functionality.
Is CVE-2024-2112 present in previous versions of the plugin?
Yes, CVE-2024-2112 affects all versions of the Form Maker plugin up to and including 1.15.22.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/type
- agent/description
- agent/references
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/10web
- canonical/10web form maker