
CVE-2021-4417: Changeset 2368977 for forminator/trunk/library/class-export.php – WordPress Plugin Repository

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() function. This makes it possible for unauthenticated attackers to export form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.


Timestamp: 08/25/2020 08:14:13 PM (3 years ago)

Author: alerzhus

Message: Version 1.13.5

File:

  • forminator/trunk/library/class-export.php (1 diff)


  • forminator/trunk/library/class-export.php

    r2271488

    r2368977

156

156

        if ( isset( $post\_data\['action'\] ) && 'forminator\_export\_entries' === $post\_data\['action'\] ) {

157

157

158

 

            if ( isset( $\_POST\['\_forminator\_nonce'\] ) && ! wp\_verify\_nonce( $\_POST\['\_forminator\_nonce'\], 'forminator\_export' ) ) {

 

158

            if ( ! isset( $\_POST\['\_forminator\_nonce'\] ) || ! wp\_verify\_nonce( $\_POST\['\_forminator\_nonce'\], 'forminator\_export' ) ) {

 

159

159

160

                $redirect = add\_query\_arg(

160

161

                    array(
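
Review bot: On the added line 158, `$_POST['_forminator_nonce']` is passed to `wp_verify_nonce()` raw, while the action on line 156 is read from `$post_data`; read the nonce from the same source and pass it through `sanitize_text_field( wp_unslash( ... ) )` before verifying. The change from `isset( ... ) && ! wp_verify_nonce( ... )` to `! isset( ... ) || ! wp_verify_nonce( ... )` is the right direction, since the old form skipped verification whenever the field was absent from the request. A nonce only proves the request came from a page the site generated, not that the user is allowed to export, and no `current_user_can()` check appears in the visible lines, so confirm one guards this export path elsewhere in the function. A short comment on line 158 stating that a missing nonce must be treated as a failure would help keep the condition from regressing.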
