漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping
Vulnerability Description
The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the user role to a public form field. This requires a specific, non-default multi-Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 configuration.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress Advanced Form Integration 权限许可和访问控制问题漏洞
Vulnerability Description
WordPress Advanced Form Integration是WordPress基金会的一款连接表单与超200个应用的集成插件。 WordPress Advanced Form Integration 2.1.1之前版本存在权限许可和访问控制问题漏洞,该漏洞源于未限制从公共表单提交创建用户时分配的WordPress角色,可能导致未经验证的访问者在活跃集成将用户角色映射到公共表单字段时创建管理员账户。
CVSS Information
N/A
Vulnerability Type
N/A