Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by formviewswp
CVE-2024-0374 (GCVE-0-2024-0374)
Vulnerability from nvd – Published: 2024-02-05 21:21 – Updated: 2026-04-08 16:45
VLAI
Title
Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_view
Summary
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aman086 | Views for WPForms – Display & Edit WPForms Entries on your site frontend |
Affected:
0 , ≤ 3.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T15:17:47.658505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T21:02:09.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend",
"vendor": "aman086",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the \u0027create_view\u0027 function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:45:49.380Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Views for WPForms \u003c= 3.2.2 - Cross-Site Request Forgery via create_view"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0374",
"datePublished": "2024-02-05T21:21:39.745Z",
"dateReserved": "2024-01-09T20:22:40.164Z",
"dateUpdated": "2026-04-08T16:45:49.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0371 (GCVE-0-2024-0371)
Vulnerability from nvd – Published: 2024-02-05 21:21 – Updated: 2026-04-08 17:14
VLAI
Title
Views for WPForms <= 3.2.2 - Missing Authorization via create_view
Summary
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aman086 | Views for WPForms – Display & Edit WPForms Entries on your site frontend |
Affected:
0 , ≤ 3.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-07T16:30:05.707822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:56.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend",
"vendor": "aman086",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027create_view\u0027 function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:14:06.599Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Views for WPForms \u003c= 3.2.2 - Missing Authorization via create_view"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0371",
"datePublished": "2024-02-05T21:21:56.544Z",
"dateReserved": "2024-01-09T20:13:19.354Z",
"dateUpdated": "2026-04-08T17:14:06.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0370 (GCVE-0-2024-0370)
Vulnerability from nvd – Published: 2024-02-05 21:21 – Updated: 2026-04-08 16:47
VLAI
Title
Views for WPForms <= 3.2.2 - Missing Authorization via save_view
Summary
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aman086 | Views for WPForms – Display & Edit WPForms Entries on your site frontend |
Affected:
0 , ≤ 3.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0370",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:42:31.821245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:55:03.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend",
"vendor": "aman086",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027save_view\u0027 function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:47:23.507Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Views for WPForms \u003c= 3.2.2 - Missing Authorization via save_view"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0370",
"datePublished": "2024-02-05T21:21:40.659Z",
"dateReserved": "2024-01-09T20:12:46.638Z",
"dateUpdated": "2026-04-08T16:47:23.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0372 (GCVE-0-2024-0372)
Vulnerability from nvd – Published: 2024-02-05 21:21 – Updated: 2026-04-08 16:43
VLAI
Title
Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields
Summary
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aman086 | Views for WPForms – Display & Edit WPForms Entries on your site frontend |
Affected:
0 , ≤ 3.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T15:53:19.211744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:33.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend",
"vendor": "aman086",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027get_form_fields\u0027 function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:43:33.179Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Views for WPForms \u003c= 3.2.2 - Missing Authorization via get_form_fields"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0372",
"datePublished": "2024-02-05T21:21:38.352Z",
"dateReserved": "2024-01-09T20:13:51.978Z",
"dateUpdated": "2026-04-08T16:43:33.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0373 (GCVE-0-2024-0373)
Vulnerability from nvd – Published: 2024-02-05 21:22 – Updated: 2026-04-08 17:29
VLAI
Title
Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_view
Summary
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aman086 | Views for WPForms – Display & Edit WPForms Entries on your site frontend |
Affected:
0 , ≤ 3.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T14:39:32.607137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:30.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend",
"vendor": "aman086",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the \u0027save_view\u0027 function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:29:07.314Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Views for WPForms \u003c= 3.2.2 - Cross-Site Request Forgery via save_view"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0373",
"datePublished": "2024-02-05T21:22:03.758Z",
"dateReserved": "2024-01-09T20:20:43.243Z",
"dateUpdated": "2026-04-08T17:29:07.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0373 (GCVE-0-2024-0373)
Vulnerability from cvelistv5 – Published: 2024-02-05 21:22 – Updated: 2026-04-08 17:29
VLAI
Title
Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_view
Summary
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aman086 | Views for WPForms – Display & Edit WPForms Entries on your site frontend |
Affected:
0 , ≤ 3.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T14:39:32.607137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:30.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend",
"vendor": "aman086",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the \u0027save_view\u0027 function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:29:07.314Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Views for WPForms \u003c= 3.2.2 - Cross-Site Request Forgery via save_view"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0373",
"datePublished": "2024-02-05T21:22:03.758Z",
"dateReserved": "2024-01-09T20:20:43.243Z",
"dateUpdated": "2026-04-08T17:29:07.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0371 (GCVE-0-2024-0371)
Vulnerability from cvelistv5 – Published: 2024-02-05 21:21 – Updated: 2026-04-08 17:14
VLAI
Title
Views for WPForms <= 3.2.2 - Missing Authorization via create_view
Summary
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aman086 | Views for WPForms – Display & Edit WPForms Entries on your site frontend |
Affected:
0 , ≤ 3.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-07T16:30:05.707822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:56.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend",
"vendor": "aman086",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027create_view\u0027 function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:14:06.599Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Views for WPForms \u003c= 3.2.2 - Missing Authorization via create_view"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0371",
"datePublished": "2024-02-05T21:21:56.544Z",
"dateReserved": "2024-01-09T20:13:19.354Z",
"dateUpdated": "2026-04-08T17:14:06.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0370 (GCVE-0-2024-0370)
Vulnerability from cvelistv5 – Published: 2024-02-05 21:21 – Updated: 2026-04-08 16:47
VLAI
Title
Views for WPForms <= 3.2.2 - Missing Authorization via save_view
Summary
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aman086 | Views for WPForms – Display & Edit WPForms Entries on your site frontend |
Affected:
0 , ≤ 3.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0370",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:42:31.821245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:55:03.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend",
"vendor": "aman086",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027save_view\u0027 function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:47:23.507Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Views for WPForms \u003c= 3.2.2 - Missing Authorization via save_view"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0370",
"datePublished": "2024-02-05T21:21:40.659Z",
"dateReserved": "2024-01-09T20:12:46.638Z",
"dateUpdated": "2026-04-08T16:47:23.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0374 (GCVE-0-2024-0374)
Vulnerability from cvelistv5 – Published: 2024-02-05 21:21 – Updated: 2026-04-08 16:45
VLAI
Title
Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_view
Summary
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aman086 | Views for WPForms – Display & Edit WPForms Entries on your site frontend |
Affected:
0 , ≤ 3.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T15:17:47.658505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T21:02:09.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend",
"vendor": "aman086",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the \u0027create_view\u0027 function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:45:49.380Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Views for WPForms \u003c= 3.2.2 - Cross-Site Request Forgery via create_view"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0374",
"datePublished": "2024-02-05T21:21:39.745Z",
"dateReserved": "2024-01-09T20:22:40.164Z",
"dateUpdated": "2026-04-08T16:45:49.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0372 (GCVE-0-2024-0372)
Vulnerability from cvelistv5 – Published: 2024-02-05 21:21 – Updated: 2026-04-08 16:43
VLAI
Title
Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields
Summary
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| aman086 | Views for WPForms – Display & Edit WPForms Entries on your site frontend |
Affected:
0 , ≤ 3.2.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T15:53:19.211744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:33.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend",
"vendor": "aman086",
"versions": [
{
"lessThanOrEqual": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views for WPForms \u2013 Display \u0026 Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027get_form_fields\u0027 function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:43:33.179Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2\u0026old=3026471\u0026new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3\u0026new=3026471\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-24T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Views for WPForms \u003c= 3.2.2 - Missing Authorization via get_form_fields"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0372",
"datePublished": "2024-02-05T21:21:38.352Z",
"dateReserved": "2024-01-09T20:13:51.978Z",
"dateUpdated": "2026-04-08T16:43:33.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}