CVE-2024-10717 – The Styler for Ninja Forms WordPress plugin has... (How to Fix)

Q: What is the severity of CVE-2024-10717?

CVE-2024-10717 has a CVSS score of 6.5 (MEDIUM). The Styler for Ninja Forms WordPress plugin has a missing capability check that allows authenticated users with Subscriber-level access or higher to delete or add arbitrary WordPress option values. This can be exploited to cause denial of service by deleting critical options or to manipulate site configuration. All WordPress sites using this plugin up to version 3.3.4 are affected.

📋 TL;DR

The Styler for Ninja Forms WordPress plugin has a missing capability check that allows authenticated users with Subscriber-level access or higher to delete or add arbitrary WordPress option values. This can be exploited to cause denial of service by deleting critical options or to manipulate site configuration. All WordPress sites using this plugin up to version 3.3.4 are affected.

💻 Affected Systems

Products:

Styler for Ninja Forms WordPress plugin

Versions: All versions up to and including 3.3.4

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with the vulnerable plugin activated. Any authenticated user (Subscriber role or higher) can exploit this vulnerability.

📦 What is this software?

Styler For Ninja Forms by Wpmonks

View all CVEs affecting Styler For Ninja Forms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers delete critical WordPress options causing complete site failure, requiring database restoration to recover.

🟠

Likely Case

Attackers delete specific options causing partial site functionality loss or error pages for legitimate users.

🟢

If Mitigated

Attackers can only manipulate non-critical options with minimal operational impact.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is technically simple. The vulnerability is publicly documented with code references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.5 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/styler-for-ninja-forms-lite

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Styler for Ninja Forms' and check for updates. 4. Update to version 3.3.5 or later. 5. Verify the update completed successfully.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Deactivate the vulnerable plugin until patched

wp plugin deactivate styler-for-ninja-forms

Capability Restriction

all

Temporarily restrict Subscriber role capabilities using a security plugin

🧯 If You Can't Patch

Remove Subscriber and higher role access from untrusted users
Implement web application firewall rules to block suspicious option modification requests

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Styler for Ninja Forms version. If version is 3.3.4 or lower, you are vulnerable.

Check Version:

wp plugin get styler-for-ninja-forms --field=version

Verify Fix Applied:

Verify plugin version is 3.3.5 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

WordPress audit logs showing option deletions by non-admin users
Plugin-specific logs showing license deactivation attempts

Network Indicators:

POST requests to /wp-admin/admin-ajax.php with action=deactivate_license

SIEM Query:

source="wordpress" AND (action="deleted_option" OR action="added_option") AND user_role!="administrator"

📊 Metadata

CVE ID: CVE-2024-10717

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE: CWE-862

Published: November 13, 2024

Last Updated: July 11, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10717, you might also want to check these: