CVE-2023-5990

Name of the Vulnerable Software and Affected Versions The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin versions prior to 3.4.2

Description The issue concerns a lack of CSRF checks on certain form actions, such as deletion and duplication, which could allow attackers to make logged-in admins perform these actions via CSRF attacks.

Recommendations For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the form actions that are vulnerable to CSRF attacks until the update can be applied.