cleantalk
Vulnerabilities and Security Researches

Contact Form and Calls To Action by vcita, CVE-2024-13717

CVE, Research URL

CVE-2024-13717

Home page URL

Security reports for Contact Form and Calls To Action by vcita

Application

Contact Form and Calls To Action by vcita

Published on
Jan 31, 2025
Research Description
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_toggle_contact functions in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to enabled and disable widgets.
Affected versions
Min -, max 2.7.1.
Status
vulnerable
Previous vulnerability researches
Contact Form and Calls To Action by vcita (CVE-2023-2302) , Jun 07, 2024
Contact Form and Calls To Action by vcita (CVE-2023-2303) , Jun 07, 2024
Contact Form and Calls To Action by vcita (CVE-2024-13717) , Feb 01, 2025
New vulnerability
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025