Description
WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder version 1.13.4 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 1.13.5 or latest
References
https://pvagenas.com/vulnerabilities/form-maker-by-wd-csrf/
https://plugins.svn.wordpress.org/form-maker/trunk/readme.txt
Related Vulnerabilities
MySQL CVE-2014-2450 Vulnerability (CVE-2014-2450)
WordPress Plugin Pinterest Feed Multiple Vulnerabilities (1.1.1)
WordPress Plugin WP Import Export Lite Security Bypass (3.9.4)
WordPress Plugin Church Admin Cross-Site Scripting (0.856)
Oracle Application Server CVE-2009-0989 Vulnerability (CVE-2009-0989)