AI Score
Confidence
High
EPSS
Percentile
24.1%
Description The plugin does not have CSRF checks when deleting, updating and duplicating forms, which could allow attackers to make logged in admins perform such actions via CSRF attacks
patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-11-cross-site-request-forgery-csrf-vulnerability