How severe is CVE-2024-10717?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-10717?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2024-10717 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. Note: This issue can also be used to add arbitrary options with an empty value.

Related Vulnerabilities

CVE-2013-3703

MEDIUM

CVSS:6.5(Medium)

The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project met...

CWE-8622013

CVE-2013-4226

MEDIUM

CVSS:6.5(Medium)

The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination...

CWE-8622013

CVE-2017-15680

MEDIUM

CVSS:6.5(Medium)

In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.

CWE-8622017

CVE-2017-6564

MEDIUM

CVSS:6.5(Medium)

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This a...

CWE-8622017

CVE-2017-6923

MEDIUM

CVSS:6.5(Medium)

In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoi...

CWE-8622017

CVE-2018-11785

MEDIUM

CVSS:6.5(Medium)

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.

CWE-8622018