ThreatPress

WordPress Vulnerabilities Database

Back

WordPress CformsII plugin <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery (CSRF) vulnerabilities

Product
CformsII
Description
Unauthenticated HTML Injection & Cross-Site Request Forgery (CSRF) vulnerabilities found by Jerome Bruandet (Nintechnet) in WordPress CformsII plugin (versions <= 15.0.1).
Solution
Update the WordPress CformsII plugin to the latest available version (at least 15.0.2).
Classification
Type Multi
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 15.0.1
Fixed In 15.0.2
Disclosure date
2019-08-12
Credits
Jerome Bruandet (Nintechnet)
Submitter
ThreatPress