Cross-Site Request Forgery in Forminator Plugin for WordPress
CVE-2021-4417
5.4MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 12 July 2023
What is CVE-2021-4417?
The Forminator plugin for WordPress is susceptible to a Cross-Site Request Forgery vulnerability due to insufficient nonce validation in the listen_for_saving_export_schedule() function. This allows unauthorized individuals to potentially export sensitive form submissions. An attacker could exploit this vulnerability by convincing an admin to interact with a malicious link, thereby executing a forged request without authentication.
Affected Version(s)
Forminator – Contact Form, Payment Form & Custom Form Builder * < 1.13.5