Cross-Site Request Forgery Patched in WP Fluent Forms

Wordfence Threat Intelligence team responsibly disclosed a Cross-Site Request Forgery(CSRF) vulnerability in WP Fluent Forms, a WordPress plugin installed on over 80,000 sites. This vulnerability also allowed a stored Cross-Site Scripting(XSS) attack which, if successfully exploited, could be used to take over a site.

A patched version of the plugin, 3.6.67, was released on March 5, 2021

Source: https://www.wordfence.com/blog/2021/06/cross-site-request-forgery-patched-in-wp-fluent-forms

Posted in Updates, Vulnerability.