China National Vulnerability Database: CNVD-2022-69133
Jul 09, 2021 - 12:00 a.m.

WordPress WP Fluent Forms plugin cross-site request forgery vulnerability

2021-07-09 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
wordpress
wp fluent forms
cross-site request forgery
vulnerability
php
mysql
ajax operations
access control
cross-site scripting
privilege elevation

EPSS: 0.002
Percentile: 53.4%

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports hosting personal blogging sites on servers running PHP and MySQL. A cross-site request forgery vulnerability exists in versions of the WordPress WP Fluent Forms plugin prior to 3.6.67. The vulnerability stems from a missing nonce check in the access control feature that manages AJAX operations, which an attacker can exploit to cause stored cross-site scripting and a limited privilege elevation.
