CVE-2021-34620

HIGH

WP Fluent Forms < 3.6.67 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting and Privilege Escalation

Description

The WP Fluent Forms plugin for WordPress, in versions before 3.6.67, is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation, due to a missing nonce check in the access control function for administrative AJAX actions.

Scores

CVSS v3 8.8
EPSS 0.0263
EPSS Percentile 83.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-352 CWE-79
Status published
Products (1)
fluentforms/contact_form < 3.6.67
Published Jul 07, 2021
Tracked Since Feb 18, 2026