CVE-2024-2797

MEDIUM

MailerLite - Signup forms (official) plugin for WordPress <1.7.6 - ...

Title source: llm

Description

The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to allow lower-level users to modify forms.

Scores

CVSS v3 5.3
EPSS 0.0050
EPSS Percentile 39.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
mailerlite/MailerLite – Signup forms (official) < 1.7.6
Published May 02, 2024
Tracked Since Feb 18, 2026