CVE-2024-6412: HTML Forms – Simple WordPress Forms Plugin < 1.3.34 - Bulk Delete via CSRF
First published: Wed Jul 31 2024(Updated: )
The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress HTML Forms | <1.3.34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-6412?
CVE-2024-6412 is classified as a moderate severity vulnerability due to its potential for CSRF attacks.
How do I fix CVE-2024-6412?
To fix CVE-2024-6412, update the WordPress HTML Forms plugin to version 1.3.34 or later.
What type of vulnerability is CVE-2024-6412?
CVE-2024-6412 is a Cross-Site Request Forgery (CSRF) vulnerability.
Who is affected by CVE-2024-6412?
Users of the WordPress HTML Forms plugin versions prior to 1.3.34 are affected by CVE-2024-6412.
What actions can attackers perform due to CVE-2024-6412?
Attackers can exploit CVE-2024-6412 to make logged-in users perform unwanted actions on affected WordPress installations.
- agent/references
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/wordpress
- canonical/wordpress html forms