The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/browser/easy-registration-forms/tags/2.1.1/includes/class-form.php#L256 | Third Party Advisory |
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39353 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-11-19 08:15
Updated : 2021-11-24 08:23
NVD link : CVE-2021-39353
Mitre link : CVE-2021-39353
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
easyregistrationforms
- easy_registration_forms