CVE-2024-2368

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm function. This makes it possible for unauthenticated attackers to duplicate forms via a forged...

CVE-2023-5990 Funnelforms Free < 3.4.2 - Form Deletion/Duplication via CSRF

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...

Funnelforms Free < 3.4.2 - Form Deletion/Duplication via CSRF

Description The plugin does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks Make a logged in admin open an HTML page with the form below Deletion This will delete the form...

Ultimate Member < 2.6.1 - Form Duplication via CSRF

The plugin does not have CSRF checks when duplicating a form, which could allow attackers to make logged in admins perform such actions via a CSRF attack...

PT-2022-10708 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.0.0 through 7.3.6 Liferay DXP versions 7.0 through 7.3 before fix pack 2, with the following specific fix pack requirements: - 7.0 before fix pack 101 - 7.1 before fix pack 21 - 7.2 before fix pack 10 Description:...