CVE-2023-30616

Published: Apr 20, 2023

Modified: Feb 4, 2025

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.

Vendor	Product	Versions
epiphyt	form-block	affected `< 1.0.2`

Weaknesses (CWE)

CWE-352

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

References

https://github.com/epiphyt/form-block/security/advisories/GHSA-j4c2-7p87-q824

x_refsource_CONFIRM

https://github.com/epiphyt/form-block/commit/cf0012fa0710d906c594346ba775c5dc433a9426

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-30616

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References