Vulnerability: Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation in WP Fluent Forms plugin < 3.6.67 for WordPress

Vulnerability: Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation in WP Fluent Forms plugin < 3.6.67 for WordPress

CVE-2021-34620 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions

Learn more about our Wordpress Pen Testing.