CVE-2024-56002: 
WordPress vulnerability analysis and mitigation

Missing Authorization vulnerability in Porthas Inc. Contact Form, Survey & Form Builder – MightyForms allows exploiting incorrectly configured access control security levels. This vulnerability affects versions through 1.3.9 of the MightyForms WordPress plugin. The issue was discovered and reported on November 27, 2024, and was publicly disclosed on December 14, 2024 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 6.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L. The issue is classified as CWE-862 (Missing Authorization) and affects the access control mechanisms in the plugin (Patchstack).

The broken access control vulnerability could allow an unprivileged user to execute certain higher privileged actions. The CVSS score indicates that while the vulnerability requires low privilege access, it could have impacts on both integrity and availability of the system (Patchstack).

Users are advised to update to version 1.3.10 or later to resolve the vulnerability. For those unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until the fixed version can be installed (Patchstack).