Cross-Site Request Forgery in Forminator Plugin for WordPress
CVE-2021-4417

5.4MEDIUM

Key Information:

Vendor

Wordpress
Status
Forminator – Contact Form, Payment Form & Custom Form Builder
Vendor
CVE Published:
12 July 2023

What is CVE-2021-4417?

The Forminator plugin for WordPress is susceptible to a Cross-Site Request Forgery vulnerability due to insufficient nonce validation in the listen_for_saving_export_schedule() function. This allows unauthorized individuals to potentially export sensitive form submissions. An attacker could exploit this vulnerability by convincing an admin to interact with a malicious link, thereby executing a forged request without authentication.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Forminator – Contact Form, Payment Form & Custom Form Builder * < 1.13.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://blog.nintechnet.com/25-wordpress-plugins-vulnerab...
https://blog.nintechnet.com/more-wordpress-plugins-and-th...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jerome Bruandet
JSON
.