2 matches found
CVE-2024-1415
CVE-2024-1415 affects the WordPress plugin Responsive Contact Form Builder & Lead Generation (lead-form-builder) up to version 1.8.9. Root cause: missing/incorrect nonce validation enables CSRF, allowing unauthenticated users to trigger actions (form deletion, lead signup, file upload) by trickin...
CVE-2024-1415 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attacker...