Approved changes feed: RSS · Atom

cpe:2.3:a:aman086:views_for_wpforms_–_display_&_edit_wpforms_entries_on_your_site_frontend:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAman086 (92c1bbe3-ab46-5754-a3c9-c01881a7b4f1)
ProductViews For Wpforms – Display & Edit Wpforms Entries On Your Site Frontend (e5dd4c90-a99c-5a46-874f-7fa850614277)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-0374 vulnerable 2026-06-08 06:22:00.473404 Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_view
MEDIUM (4.3)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-05T21:21:39.745Z
Updated: 2026-04-08T16:45:49.380Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0373 vulnerable 2026-06-08 06:22:00.472816 Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_view
MEDIUM (4.3)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-05T21:22:03.758Z
Updated: 2026-04-08T17:29:07.314Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0372 vulnerable 2026-06-08 06:22:00.472183 Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields
MEDIUM (4.3)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
Published: 2024-02-05T21:21:38.352Z
Updated: 2026-04-08T16:43:33.179Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0371 vulnerable 2026-06-08 06:22:00.471645 Views for WPForms <= 3.2.2 - Missing Authorization via create_view
MEDIUM (4.3)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
Published: 2024-02-05T21:21:56.544Z
Updated: 2026-04-08T17:14:06.599Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0370 vulnerable 2026-06-08 06:22:00.470491 Views for WPForms <= 3.2.2 - Missing Authorization via save_view
MEDIUM (4.3)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.
Published: 2024-02-05T21:21:40.659Z
Updated: 2026-04-08T16:47:23.507Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.