2 matches found
CVE-2021-39353
The CVE-2021-39353 entry concerns the WordPress plugin Easy Registration Forms (versions up to 2.1.1). The vulnerability is Cross-Site Request Forgery caused by missing nonce validation in the ajax_add_form function within includes/class-form.php, enabling an attacker to inject arbitrary web scri...
CVE-2021-39353 Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajaxaddform function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...