WordPress Plugin Vulnerabilities

Quill Forms < 3.4.0 - Cross-Site Request Forgery

Description

The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. The impact of this vulnerability is unknown.

Affects Plugins

Plugin icon
quillforms
Fixed in 3.4.0

References

CVE
CVE-2023-46610
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea4617a-6211-4f8d-ab51-10ca509aaacf

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
cd541333-82be-4900-9501-693c15d9013a

Timeline

Publicly Published
2023-10-24 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-03-05
Title
Booknetic < 4.1.5 - Staff Creation via CSRF
Published
2014-08-01
Title
Member Approval 131109 - wp-admin/options-general.php Option Manipulation CSRF
Published
2024-07-10
Title
Metorik – Reports & Email Automation for WooCommerce < 1.7.2 - Cross-Site Request Forgery
Published
2017-04-06
Title
Twitter Cards Meta < 2.5.0 - CSRF and XSS
Published
2014-08-01
Title
Cardoza WordPress Poll <= 34.05 - Multiple External Function Remote Poll Manipulation