CVE-2024-0371: 
WordPress vulnerability analysis and mitigation

The Views for WPForms – Display & Edit WPForms Entries plugin for WordPress contains a vulnerability (CVE-2024-0371) due to a missing capability check on the 'create_view' function in versions up to and including 3.2.2. This security flaw was discovered and reported by Wordfence, with a CVSS v3.1 base score of 4.3 (Medium severity) (Wordfence Advisory).

The vulnerability stems from a missing authorization check in the 'create_view' function, which allows authenticated users with subscriber-level access or higher to create form views without proper authorization. The vulnerability is classified as CWE-862 (Missing Authorization) and has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (NVD Database).

The vulnerability allows authenticated attackers with subscriber-level access or higher to create form views without proper authorization, potentially leading to unauthorized modification of data within the WordPress installation (Wordfence Advisory).

Users are advised to update to version 3.2.3 or later of the Views for WPForms plugin, which includes a patch for this vulnerability (WordPress Plugin).