Gutena Forms WordPress Plugin Missing Authorization Vulnerability Allowing Unauthorized Data Modification
Vulnerability
A missing authorization vulnerability exists in the Gutena Forms WordPress plugin, in the 'save_gutena_forms_schema()' function, in all versions up to and including 1.6.0. The function lacks a proper authorization check, so authenticated attackers with Contributor-level access or higher can modify data without permission: they can update option values on the WordPress site to structured array values. Exploitation could create errors that disrupt service for legitimate users, or manipulate settings, such as enabling user registration when it is disabled.
Impact
Exploitation of this vulnerability could cause errors on the WordPress site, disrupting service for legitimate users. Additionally, it could be used to change settings in a way that undermines site functionality, such as turning on user registration when it is supposed to be off.
Remediation
Users are advised to update the Gutena Forms WordPress plugin to version 1.6.1 or a newer patched version.
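Because the flaw lets option values be overwritten with structured arrays, a site that ran an affected version can be checked for options that should be scalar but now hold an array. The following is an added example, not code from the plugin or from this advisory; it assumes rows of (option_name, option_value) exported from the wp_options table, and the watch list of option names is an assumption chosen for illustration.

```python
import re

# Core WordPress options that normally hold a scalar (string or "0"/"1").
# This watch list is an assumption chosen for the example; extend it per site.
SCALAR_OPTIONS = {
    "users_can_register", "default_role", "siteurl", "home",
    "admin_email", "blogname", "blog_public",
}

# WordPress stores arrays in wp_options as PHP-serialized strings: a:<count>:{...}
SERIALIZED_ARRAY = re.compile(r"^a:(\d+):\{.*\}$", re.DOTALL)


def audit_options(rows):
    """Return findings for watched scalar options that now hold an array.

    rows: iterable of (option_name, option_value) pairs as stored in wp_options.
    """
    findings = []
    for name, value in rows:
        if name not in SCALAR_OPTIONS:
            continue
        match = SERIALIZED_ARRAY.match(value.strip())
        if not match:
            continue
        count = int(match.group(1))
        note = "array stored where a scalar is expected"
        # A non-empty PHP array is truthy, so an on/off flag reads as "on".
        if name == "users_can_register" and count > 0:
            note += "; registration is effectively enabled"
        findings.append({"option": name, "elements": count, "note": note})
    return findings


# Constructed sample rows, not taken from a real site.
SAMPLE_ROWS = [
    ("users_can_register", 'a:1:{s:4:"form";s:1:"x";}'),
    ("default_role", "subscriber"),
    ("blogname", "a:0:{}"),
    ("gutena_example_option", 'a:1:{s:1:"k";s:1:"v";}'),  # hypothetical name, not watched
]

if __name__ == "__main__":
    for finding in audit_options(SAMPLE_ROWS):
        print(f"{finding['option']}: {finding['note']} ({finding['elements']} elements)")
```

Any finding should be compared against a known-good backup of the option before the value is restored.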
