4 matches found
CVE-2024-6628
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for...
CVE-2024-6628
creationtimestamp| type| source ---|---|--- 2024-11-16 03:55:13+00:00| seen| https://infosec.exchange/users/cve/statuses/113490612240255893 2024-11-16 06:02:29+00:00| seen| https://t.me/cvedetector/11213...
CVE-2024-6628
CVE-2024-6628 : EleForms – All In One Form Integration including DB for Elementor (WordPress) is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 2.9.9.9 due to missing/incorrect nonce validation when deleting form submissions. This enables unauthenticated attackers to cause ...
WordPress EleForms Plugin <= 2.9.9.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software EleForms Type Plugin Vulnerable versions = 2.9.9.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6628 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5925dd673838 Credits Lucio Sá Required privilege...