Unrated severityNVD Advisory· Published Jul 7, 2021· Updated Oct 15, 2024
CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation
CVE-2021-34620
Description
The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.6.67
- WP Manage Ninja/WP Fluent Formsv5Range: 3.6.67
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/browser/fluentform/trunk/app/Modules/Acl/Acl.phpmitrex_refsource_MISC
- www.wordfence.com/blog/2021/06/cross-site-request-forgery-patched-in-wp-fluent-forms/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.