Lucene search
WpvulndbWPVDB-ID:2307A094-472B-4B77-BB04-58FBC7231C33HistoryJan 24, 2024 - 12:00 a.m.
Views for WPForms < 3.2.3 - Cross-Site Request Forgery via save_view
2024-01-2400:00:00
wpscan.com
4
wpforms
cross-site request forgery
missing nonce validation
Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the ‘save_view’ function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 3.2.3 |
Related
nvd
nvd
CVE-2024-0373
2024-02-05 22:16:00
cve
cve
CVE-2024-0373
2024-02-05 22:16:00
cvelist
cvelist
CVE-2024-0373
2024-02-05 21:22:03
prion
prion
Cross site request forgery (csrf)
2024-02-05 22:16:00
wordfence
wordfence
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.5%
Related for WPVDB-ID:2307A094-472B-4B77-BB04-58FBC7231C33