CVE-2024-0710

MEDIUM 5.3

GP Unique ID <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context.

CWE	CWE-20
Vendor	gravity wiz
Product	gp unique id
Published	May 2, 2024
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for gravity wiz gp unique id

Be the first to know when new medium vulnerabilities affecting gravity wiz gp unique id are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Gravity Wiz / GP Unique ID

0 ≤ 1.5.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve gravitywiz.com: https://gravitywiz.com/documentation/gravity-forms-unique-id/ github.com: https://github.com/karlemilnikka/CVE-2024-0710/blob/main/README.md

Credits

Karl Emil Nikka