454 matches found
Design/Logic Flaw
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'createview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
Cross site request forgery (csrf)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'saveview' function. This makes it possible for...
Cross site request forgery (csrf)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'createview' function. This makes it possible for...
CVE-2024-0370
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
Design/Logic Flaw
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
CVE-2024-0371
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'createview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
CVE-2024-0373
The CVE-2024-0373 entry concerns the WordPress plugin Views for WPForms – Display & Edit WPForms Entries on your site frontend, vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the save_view function. Affected versions are all up to and including 3.2.2. The...
CVE-2024-0371
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'createview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
CVE-2024-0371
CVE-2024-0371 concerns the WordPress plugin Views for WPForms – Display & Edit WPForms Entries on your site frontend. The issue is a missing capability check in the create_view function, affecting all versions up to and including 3.2.2, enabling authenticated users with subscriber access and abov...
CVE-2024-0370
The CVE-2024-0370 entry affects Views for WPForms – Display & Edit WPForms Entries on your site frontend (WordPress), vulnerable versions up to and including 3.2.2. The root cause is a missing authorization check in the save_view function, enabling authenticated users with subscriber access and a...
CVE-2024-0370 Views for WPForms <= 3.2.2 - Missing Authorization via save_view
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
CVE-2024-0374
CVE-2024-0374 affects the WordPress plugin Views for WPForms – Display & Edit WPForms Entries on your site frontend. The issue is CSRF due to missing/incorrect nonce validation in the create_view function, allowing unauthenticated attackers to create views via a forged request if they trick an ad...
CVE-2024-0372 Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
CVE-2024-0372 Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
CVE-2024-0372
CVE-2024-0372 affects the WordPress plugin Views for WPForms Lite up to version 3.2.2, with a missing authorization check in get_form_fields that allows authenticated users with subscriber+ role to create or view form data. The issue is rooted in an improper permission check for the get_form_fiel...
PT-2024-15506 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to unauthorized modification of data due to a missing capability check on...
WordPress plugin Views for WPForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Views for WPForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Views for WPForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin Views for WPForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...