WordPress · Interactive Contact Form/Multi Step Form Builder With Drag & Drop Editor · CVE-2023-5990
**Name of the Vulnerable Software and Affected Versions**
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin versions prior to 3.4.2
**Description**
The issue concerns a lack of CSRF checks on certain form actions, such as deletion and duplication, which could allow attackers to make logged-in admins perform these actions via CSRF attacks.
**Recommendations**
For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the form actions that are vulnerable to CSRF attacks until the update can be applied.