CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50428 – WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-50428
24 Oct 2024 — Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21. La vulnerabilidad de autorización faltante en Mondula GmbH Multi Step Form permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Multi Step Form: desde n/a hasta 1.7.21. The Multi Step Form plugin for WordPress is vulnerable to unauthorized deletion of ... • https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-21-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25905 – WordPress Multi Step Form Plugin <= 1.7.18 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-25905
12 Feb 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Multi Step Form de Mondula GmbH. Este problema afecta a Multi Step Form: desde n/a hasta 1.7.18. The Multi Step Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.18. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •