VYPR

Advanced Forms

by WordPress

CVEs (1)

  • CVE-2021-24892HigNov 23, 2021
    risk 0.00cvss 8.8epss 0.02

    Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To…