• The plugin Easy Registration Forms (version 2.1.1) has a known vulnerability.

    Easy Registration Forms <= 2.1.1 - CSRF to Stored Cross-Site Scripting
    Description
    The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1.
    Affects Plugins: easy-registration-forms
    No known fix - plugin closed
    References
        CVE: CVE-2021-39353
        URL: https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39353
    Classification
        Type: CSRF
        OWASP top 10: A2: Broken Authentication and Session Management
        CWE: CWE-352
    Miscellaneous
        Original Researcher: Thinkland Security Team
        Verified: No
        WPVDB ID: b491fbaa-605c-41a6-a8ea-b7aac1353535
    Timeline
        Publicly Published: 2021-11-18 (about 1 year ago)
        Added: 2021-11-18 (about 1 year ago)
        Last Updated: 2022-04-08 (about 9 months ago)
  • The topic ‘JetPack Vulnerability found’ is closed to new replies.