The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-27T03:32:46.380Z
Updated: 2024-08-01T18:11:35.670Z
Reserved: 2024-01-17T20:10:05.656Z
Link: CVE-2024-0667
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-27T04:15:08.453
Modified: 2024-11-21T08:47:06.217
Link: CVE-2024-0667
Redhat
No data.