Vulnerability Details CVE-2024-0373
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.6%
CVSS Severity
CVSS v3 Score 4.3
References
- https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve
- https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve
Products affected by CVE-2024-0373
-
cpe:2.3:a:formviewswp:views_for_wpforms:1.0
-
cpe:2.3:a:formviewswp:views_for_wpforms:1.1
-
cpe:2.3:a:formviewswp:views_for_wpforms:1.2
-
cpe:2.3:a:formviewswp:views_for_wpforms:1.3
-
cpe:2.3:a:formviewswp:views_for_wpforms:1.5
-
cpe:2.3:a:formviewswp:views_for_wpforms:1.6
-
cpe:2.3:a:formviewswp:views_for_wpforms:1.7
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.0
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.1
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.2
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.3
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.4
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.4.1
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.4.2
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.5
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.6
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.6.1
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.6.2
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.6.3
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.6.4
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.6.5
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.6.6
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.6.7
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.6.8
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.6.9
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.7
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.7.1
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.7.2
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.7.3
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.7.3.1
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.7.4
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.8
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.8.1
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.8.2
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.8.3
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.8.4
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.8.5
-
cpe:2.3:a:formviewswp:views_for_wpforms:2.8.6
-
cpe:2.3:a:formviewswp:views_for_wpforms:3.0
-
cpe:2.3:a:formviewswp:views_for_wpforms:3.1
-
cpe:2.3:a:formviewswp:views_for_wpforms:3.1.1
-
cpe:2.3:a:formviewswp:views_for_wpforms:3.2
-
cpe:2.3:a:formviewswp:views_for_wpforms:3.2.1
-
cpe:2.3:a:formviewswp:views_for_wpforms:3.2.2