CVE-2026-56069

Toolset · Toolset Forms

Toolset Forms is vulnerable to unauthenticated Insecure Direct Object References (IDOR), enabling attackers to access or manipulate objects without proper authorization.

Executive summary

An unauthenticated IDOR vulnerability in Toolset Forms poses a high risk by allowing unauthorized entities to access or modify sensitive objects within the application.

Vulnerability

The vulnerability is an Insecure Direct Object Reference (IDOR) in functionality that performs no authentication checks. Attackers can leverage this to interact with objects they should not have access to, potentially leading to unauthorized data modification or disclosure.

Business impact

Successful exploitation poses a severe risk to data integrity and confidentiality. With a CVSS score of 7.5, this vulnerability allows attackers to bypass standard security controls, which may result in unauthorized data exposure or the corruption of business-critical information.

Remediation

Immediate Action: Update Toolset Forms to the latest version as soon as the vendor provides a patch to address this access control flaw.

Proactive Monitoring: Monitor application logs for unexpected access attempts to form-related objects or unauthorized ID-based requests.

Compensating Controls: Deploy WAF filtering rules to identify and block traffic patterns indicative of IDOR enumeration attempts.
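The log review described under Proactive Monitoring, as an added example that is not part of the advisory or the vendor's code: it flags clients whose unauthenticated requests touch many distinct object IDs within a short window. The path prefix `/example-forms/`, the `object_id` parameter, the thresholds and the sample log lines are assumptions constructed for illustration, since the advisory does not name the affected endpoint. It also assumes Combined Log Format, where the remote-user field is `-` unless the server recorded an authenticated user.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumptions, not taken from the advisory: path prefix and ID parameter are placeholders.
FORM_PATH_PREFIX = "/example-forms/"   # hypothetical form endpoint prefix
ID_PARAM = "object_id"                 # hypothetical object-ID parameter
WINDOW = timedelta(seconds=60)         # sliding window per client
MAX_DISTINCT_IDS = 5                   # distinct IDs tolerated inside one window

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} ')

def parse_line(line):
    """Return (ip, user, timestamp, object_id) for ID-based form requests, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    ids = [v for v in parse_qs(url.query).get(ID_PARAM, []) if v.isdigit()]
    if not url.path.startswith(FORM_PATH_PREFIX) or not ids:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], m["user"], ts, int(ids[0])

def find_enumeration(lines):
    """Map client IP -> peak distinct IDs in one window, for clients over the threshold."""
    recent = defaultdict(deque)        # ip -> (timestamp, object_id) pairs inside the window
    flagged = {}
    for rec in filter(None, map(parse_line, lines)):
        ip, user, ts, oid = rec
        if user != "-":                # skip requests the server logged as authenticated
            continue
        q = recent[ip]
        q.append((ts, oid))
        while ts - q[0][0] > WINDOW:   # drop entries older than the window
            q.popleft()
        distinct = len({i for _, i in q})
        if distinct > MAX_DISTINCT_IDS:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

# Constructed sample log lines (documentation IP ranges, not real traffic).
FMT = '{ip} - {user} [01/Jan/2026:10:{m:02d}:{s:02d} +0000] "GET /example-forms/view?object_id={oid} HTTP/1.1" 200 512'
SAMPLE = ([FMT.format(ip="203.0.113.7", user="-", m=0, s=s, oid=100 + s) for s in range(8)]
          + [FMT.format(ip="198.51.100.4", user="-", m=m, s=5, oid=42) for m in (0, 3)]
          + [FMT.format(ip="192.0.2.9", user="alice", m=1, s=s, oid=200 + s) for s in range(8)])

if __name__ == "__main__":
    for ip, peak in find_enumeration(SAMPLE).items():
        print(f"{ip}: {peak} distinct object IDs within {WINDOW.seconds}s, unauthenticated")
```

Replace the placeholders with the form endpoints and ID parameters seen in your own access logs, and tune the window and threshold against normal traffic before alerting on the output.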

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability is critical due to the lack of required authentication for exploitation. Security teams must ensure that the plugin is updated immediately upon vendor release and perform a review of access logs to identify any evidence of past exploitation attempts.