Lucene search
+L

4 matches found

CVE
CVE
added 2026/07/02 6:0 a.m.15 views

CVE-2026-11578

The CVE concerns the Fluent Forms WordPress plugin prior to 6.2.5, where deletion of form submission entries is not properly restricted to forms a restricted Manager is authorized to manage. This misconfiguration allows a Manager limited to specific forms to permanently delete submission entries ...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2023/01/20 11:22 p.m.21 views

GHSA-J9Q2-F9Q7-JHGQ CakePHP SecurityComponent cross form submission issue

Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...

7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/01/20 11:22 p.m.17 views

CakePHP SecurityComponent cross form submission issue

Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...

2.8AI score
Exploits0References4Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/04/29 11:30 a.m.16 views

SecurityComponent cross form submission issue

More info at https://bakery.cakephp.org/2014/04/29/CakePHP-1-3-18-and-2-4-8-released.html...

7.2AI score
Exploits0Affected Software1
Rows per page
Query Builder