6 matches found
CVE-2024-2368 Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication
The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm function. This makes it possible for unauthenticated attackers to duplicate forms via a forged...
Mollie Forms < 2.6.4 - Missing Authorization to Arbitrary Post Duplication
The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or highe...
Funnelforms Free < 3.4.2 - Cross-Site Request Forgery to Arbitrary Post Duplication
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of...
Image Slider < 1.1.123 - Arbitrary Post Duplication via CSRF
The plugin does not have a CSRF check in place when duplicating a post or page, which could allow attackers to make a logged-in admin duplicate them via a CSRF attack...
Gallery for Social Photo < 1.0.0.29 - Arbitrary Post Duplication via CSRF
The plugin does not have a CSRF check in place when duplicating a post or page, which could allow attackers to make a logged-in admin duplicate them via a CSRF attack. PoC: https://example.com/wp-admin/admin-ajax.php?action=gifeedduplicatefeed=12...
Gallery for Social Photo < 1.0.0.29 - Arbitrary Post Duplication via CSRF
The plugin does not have a CSRF check in place when duplicating a post or page, which could allow attackers to make a logged-in admin duplicate them via a CSRF attack. https://example.com/wp-admin/admin-ajax.php?action=gifeedduplicatefeed&post=12...