CVE-2024-10717

MEDIUM

Styler for Ninja Forms <= 3.3.4 - Authenticated Arbitrary Option Deletion and DoS via Missing Capability Check

Title source: llm
STIX 2.1

Description

The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. Note: This issue can also be used to add arbitrary options with an empty value.

Scores

CVSS v3 6.5
EPSS 0.0040
EPSS Percentile 31.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
wpmonks/Styler for Ninja Forms < 3.3.4
wpmonks/styler_for_ninja_forms < 3.3.4
Published Nov 13, 2024
Tracked Since Feb 18, 2026