5 matches found
CVE-2024-0370
The CVE-2024-0370 entry affects Views for WPForms – Display & Edit WPForms Entries on your site frontend (WordPress), vulnerable versions up to and including 3.2.2. The root cause is a missing authorization check in the save_view function, enabling authenticated users with subscriber access and a...
CVE-2024-0372
CVE-2024-0372 affects the WordPress plugin Views for WPForms Lite up to version 3.2.2, with a missing authorization check in get_form_fields that allows authenticated users with subscriber+ role to create or view form data. The issue is rooted in an improper permission check for the get_form_fiel...
CVE-2024-0371
CVE-2024-0371 concerns the WordPress plugin Views for WPForms – Display & Edit WPForms Entries on your site frontend. The issue is a missing capability check in the create_view function, affecting all versions up to and including 3.2.2, enabling authenticated users with subscriber access and abov...
CVE-2024-0373
The CVE-2024-0373 entry concerns the WordPress plugin Views for WPForms – Display & Edit WPForms Entries on your site frontend, vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the save_view function. Affected versions are all up to and including 3.2.2. The...
CVE-2024-0374
CVE-2024-0374 affects the WordPress plugin Views for WPForms – Display & Edit WPForms Entries on your site frontend. The issue is CSRF due to missing/incorrect nonce validation in the create_view function, allowing unauthenticated attackers to create views via a forged request if they trick an ad...