CVE-2025-9898 cForms – Light speed fast Form Builder <= 3.0.0 - Cross-Site Request Forgery

The cForms – Light speed fast Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the cformsapi function. This makes it possible for unauthenticated attackers to modify...