Wobbie: >> Mollie Forms >> 0.3.1 Security Vulnerabilities
The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-06-05
The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-03-11
The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-03-11