CSRF due to missing nonce verification

Moderate

MatzeKitt published GHSA-j4c2-7p87-q824

Apr 20, 2023

Package

Form Block (WordPress)

Affected versions

< 1.0.2

Patched versions

1.0.2

Description

Due to a missing nonce check, there is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing.

Recommendation

Update to version 1.0.2

Severity

Moderate

6.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N