What is CVE-2023-30616?

CVE-2023-30616 is a vulnerability in the Form Block WordPress plugin that allows for Cross-Site Request Forgery (CSRF) attacks due to a missing nonce check.

How does CVE-2023-30616 impact me?

CVE-2023-30616 could potentially allow attackers to perform unauthorized actions on behalf of a user, such as submitting malicious forms or changing form configurations.

What is the severity of CVE-2023-30616?

The severity of CVE-2023-30616 is medium with a CVSS score of 6.5.

How can I mitigate CVE-2023-30616?

To mitigate CVE-2023-30616, it is recommended to update the Form Block plugin to version 1.0.2 or later, which includes a fix for the vulnerability.

Where can I find more information about CVE-2023-30616?

You can find more information about CVE-2023-30616 on the GitHub security advisory page: [GitHub Advisory](https://github.com/epiphyt/form-block/security/advisories/GHSA-j4c2-7p87-q824)

Vulnerability/
CVE-2023-30616

medium

6.5

CWE

352

20/4/2023

4/2/2025

CVE-2023-30616: Cross Site Request Forgery due to missing nonce verification in form block

First published: Thu Apr 20 2023(Updated: )

Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Epiph Form Block	<1.0.2

Remedy

https://github.com/epiphyt/form-block/commit/cf0012fa0710d906c594346ba775c5dc433a9426

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-30616?
CVE-2023-30616 is a vulnerability in the Form Block WordPress plugin that allows for Cross-Site Request Forgery (CSRF) attacks due to a missing nonce check.
How does CVE-2023-30616 impact me?
CVE-2023-30616 could potentially allow attackers to perform unauthorized actions on behalf of a user, such as submitting malicious forms or changing form configurations.
What is the severity of CVE-2023-30616?
The severity of CVE-2023-30616 is medium with a CVSS score of 6.5.
How can I mitigate CVE-2023-30616?
To mitigate CVE-2023-30616, it is recommended to update the Form Block plugin to version 1.0.2 or later, which includes a fix for the vulnerability.
Where can I find more information about CVE-2023-30616?
You can find more information about CVE-2023-30616 on the GitHub security advisory page: [GitHub Advisory](https://github.com/epiphyt/form-block/security/advisories/GHSA-j4c2-7p87-q824)

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/title
agent/weakness
agent/remedy
agent/event
agent/first-publish-date
agent/description
agent/tags
agent/source
vendor/epiph
canonical/epiph form block

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.