6 matches found
WordPress WP Fluent Forms plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.A cross-site request forgery vulnerability exists in versions of WordPress WP Fluent Forms plugin prior ...
CVE-2021-34620
The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions...
CVE-2021-34620 CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation
The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions...
CVE-2021-34620 CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation
The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions...
CVE-2021-34620
CVE-2021-34620 affects the WP Fluent Forms plugin for WordPress, specifically versions prior to 3.6.67. The root cause is a missing nonce check in the access control function for administrative AJAX actions, enabling Cross-Site Request Forgery that can lead to stored Cross-Site Scripting and a li...
WP Fluent Forms < 3.6.67 - Cross-Site Request Forgery (CSRF)
The WP Fluent Forms WordPress plugin was vulnerable to a Cross-Site Request Forgery CSRF vulnerability that could lead to Stored Cross-Site Scripting XSS...