Views For Wpforms – Display & Edit Wpforms Entries On Your Site Frontend
Approved changes feed: RSS · Atom
cpe:2.3:a:aman086:views_for_wpforms_–_display_&_edit_wpforms_entries_on_your_site_frontend:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aman086 (92c1bbe3-ab46-5754-a3c9-c01881a7b4f1) |
|---|---|
| Product | Views For Wpforms – Display & Edit Wpforms Entries On Your Site Frontend (e5dd4c90-a99c-5a46-874f-7fa850614277) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-0374 |
vulnerable | 2026-06-08 06:22:00.473404 |
Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_view
MEDIUM (4.3)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-05T21:21:39.745Z
Updated: 2026-04-08T16:45:49.380Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0373 |
vulnerable | 2026-06-08 06:22:00.472816 |
Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_view
MEDIUM (4.3)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2024-02-05T21:22:03.758Z
Updated: 2026-04-08T17:29:07.314Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0372 |
vulnerable | 2026-06-08 06:22:00.472183 |
Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields
MEDIUM (4.3)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
Published: 2024-02-05T21:21:38.352Z
Updated: 2026-04-08T16:43:33.179Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0371 |
vulnerable | 2026-06-08 06:22:00.471645 |
Views for WPForms <= 3.2.2 - Missing Authorization via create_view
MEDIUM (4.3)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
Published: 2024-02-05T21:21:56.544Z
Updated: 2026-04-08T17:14:06.599Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0370 |
vulnerable | 2026-06-08 06:22:00.470491 |
Views for WPForms <= 3.2.2 - Missing Authorization via save_view
MEDIUM (4.3)
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.
Published: 2024-02-05T21:21:40.659Z
Updated: 2026-04-08T16:47:23.507Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.