WordPress Plugin Vulnerabilities

FormBuilder < 1.08 - Cross-Site Request Forgery (CSRF)

Description

The FormBuilder WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
formbuilder
Fixed in 1.08

References

URL
https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_vulnerability_in_formbuilder_wordpress_plugin_allows_plugin_permissions_modification.html
URL
https://seclists.org/fulldisclosure/2017/Jan/76

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
55dec666-11ae-44c9-a7e3-eb134c94ebcd

Timeline

Publicly Published
2017-01-28 (about 9 years ago)
Added
2017-01-30 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-07-17
Title
Cooked – Recipe Management < 1.8.0 - Cross-Site Request Forgery via cooked_get_recipe_ids
Published
2025-04-09
Title
WP SexyLightBox <= 0.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2026-01-06
Title
Sticky Action Buttons <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update
Published
2021-10-18
Title
WP Performance Score Booster < 2.1 - Settings Change via CSRF
Published
2023-09-11
Title
File Manager Pro < 1.8 - Remote Code Execution via CSRF