Apr 20, 2023 - 6:15 p.m.

CVE-2023-30616

2023-04-20 18:15:07
CWE-352
web.nvd.nist.gov
form block, wordpress, plugin, csrf, vulnerability, security fix

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.001 Low
Percentile: 29.4%

Form block is a WordPress plugin designed to make form creation easier. Versions prior to 1.0.2 are vulnerable to Cross-Site Request Forgery (CSRF) due to a missing nonce check. All form blocks are potentially affected, since requests can be sent to the forms from any website without the user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.

Affected configurations

Node: epiphyt form_block, Range: <1.0.2

CNA Affected

[
  {
    "vendor": "epiphyt",
    "product": "form-block",
    "versions": [
      {
        "version": "< 1.0.2",
        "status": "affected"
      }
    ]
  }
]
