Lucene search
WpvulndbWPVDB-ID:F30139EB-8B93-44FB-BCD7-0528ED16B5B3HistoryNov 29, 2023 - 12:00 a.m.
WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery to Cross-Site Scripting
2023-11-2900:00:00
wpscan.com
5
wp forms plugin
wordpress
cross-site request forgery
cross-site scripting
vulnerability
nonce validation
unauthenticated attackers
Description The WP Forms Puzzle Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, user input is sanitized insufficiently leading to stored Cross-Site Scripting.
Related
cvelist
cvelist
cve
cve
CVE-2023-48278
2023-11-30 17:15:11
prion
prion
Cross site request forgery (csrf)
2023-11-30 17:15:00
nvd
nvd
CVE-2023-48278
2023-11-30 17:15:11
wordfence
wordfence
6.3 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.0%
Related for WPVDB-ID:F30139EB-8B93-44FB-BCD7-0528ED16B5B3