Multi Step Form < 1.7.19 – Form Deletion via CSRF | CVE 2024-25905

Affects Plugins

Fixed in 1.7.19

References

CVE

CVE-2024-25905

URL

https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-17-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Benmalek Aymen (centaurus)

Verified

Yes

WPVDB ID

a88f9350-e78b-4562-9298-85ede4d2833e

Timeline

Publicly Published

2024-02-12 (about 2 years ago)

Added

2024-02-14 (about 2 years ago)

Last Updated

2024-02-27 (about 2 years ago)

Other

Published

Title

Published

2024-11-28

Title

Yahoo! WebPlayer <= 2.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2024-10-15

Title

Pinpoint Booking System < 2.9.9.5.8 - Stored XSS via CSRF

Published

2024-04-05

Title

Post Views Counter < 1.4.5 - Cross-Site Request Forgery via save_bulk_post_views()

Published

2026-05-07

Title

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net < 1.1.6 - Cross-Site Request Forgery

Published

2026-01-06

Title

Mamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation