CVE-2024-0371

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'createview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVE-2024-0370 Views for WPForms <= 3.2.2 - Missing Authorization via save_view

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVE-2024-0370

The CVE-2024-0370 entry affects Views for WPForms – Display & Edit WPForms Entries on your site frontend (WordPress), vulnerable versions up to and including 3.2.2. The root cause is a missing authorization check in the save_view function, enabling authenticated users with subscriber access and a...

CVE-2024-0374

CVE-2024-0374 affects the WordPress plugin Views for WPForms – Display & Edit WPForms Entries on your site frontend. The issue is CSRF due to missing/incorrect nonce validation in the create_view function, allowing unauthenticated attackers to create views via a forged request if they trick an ad...

CVE-2024-0372

CVE-2024-0372 affects the WordPress plugin Views for WPForms Lite up to version 3.2.2, with a missing authorization check in get_form_fields that allows authenticated users with subscriber+ role to create or view form data. The issue is rooted in an improper permission check for the get_form_fiel...

CVE-2024-0372 Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVE-2024-0372 Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

WordPress plugin Views for WPForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress plugin Views for WPForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress plugin Views for WPForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin Views for WPForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-15507 · WordPress · Views For Wpforms

Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to unauthorized access of data due to a missing capability check on the g...

WordPress plugin Views for WPForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-15506 · WordPress · Views For Wpforms

Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to unauthorized modification of data due to a missing capability check on...

PT-2024-15508 · WordPress · Views For Wpforms

Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validatio...

PT-2024-15505 · WordPress · Views For Wpforms

Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to a missing capability check on the save view function, allowing...

WordPress Views for WPForms Plugin <= 3.2.2 is vulnerable to Broken Access Control

Software Views for WPForms Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0370 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2bf8391974fc Credits Francesco Carlucci Required...

Views for WPForms < 3.2.3 - Missing Authorization via create_view

Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'createview' function in all versions up to, and including, 3.2.2. This makes it possible for...

Views for WPForms < 3.2.3 - Missing Authorization via get_form_fields

Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for...

Views for WPForms < 3.2.3 - Cross-Site Request Forgery via create_view

Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'createview' function. This makes it...