3 matches found
CVE-2024-0373
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'saveview' function. This makes it possible for...
CVE-2024-0373 Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_view
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'saveview' function. This makes it possible for...
ImageMapper <= 1.2.6 - Stored XSS via CSRF
Description The plugin does not have CSRF check in its imgmapsaveareatitle function, which could allow attackers to make logged in admins update arbitrary post titles with XSS payloads via a CSRF attack...