CVE-2024-56276
WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerabilityMissing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through 1.9.2.2.
We have discovered 268,820 live websites that are affected by CVE-2024-56276.
Affected Software
| Product |  WPForms |
| Category | Form Builders |
| Vulnerable Domains | 268,820 live websites (48.78% of WPForms install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 189 versions ( 94.50% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Jan 7, 2025
- Updated - Jan 7, 2025
Credits
- Rafie Muhammad (Patchstack) (finder)
CWE
CVE References
CWE References
CVE-2024-56276 usage by Country
 United States | 90,612 websites |
 Germany | 34,336 websites |
 France | 17,107 websites |
 GB | 11,459 websites |
 Cyprus | 11,069 websites |
 Italy | 8,847 websites |
 Netherlands | 6,716 websites |
 Spain | 5,731 websites |
 Poland | 5,472 websites |
 Russia | 4,751 websites |
CVE-2024-56276 usage by TLD
| .com | 117,095 websites |
| .de | 13,182 websites |
| .org | 12,279 websites |
| .co.uk | 8,275 websites |
| .nl | 7,172 websites |
| .it | 6,823 websites |
| .fr | 6,731 websites |
| .com.br | 6,125 websites |
| .net | 5,827 websites |
| .com.au | 5,125 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-56276
Top websites that are affected by CVE-2024-56276. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | Germany | *,*** | |
| ****************.com | United States | *,*** | |
| *******.com | Netherlands | *,*** | |
| ******.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| ***********************.com | United States | *,*** | |
| *******.com | United States | *,*** | |
| *******.org | Germany | *,*** | |
| *************.com | United States | *,*** | |
| ****.bg |  Bulgaria | *,*** |
FAQ
CVE-2024-56276 is Missing Authorization in WPForms
A total of 268,820 websites have been identified as vulnerable to CVE-2024-56276, based on global website indexing conducted by WebTechSurvey.
The WPForms is affected by the CVE-2024-56276 vulnerability.
WPForms versions up to and including 1.9.2.2 are vulnerable to CVE-2024-56276.