CVE-2021-39353

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against WordPress sites using the Easy Registration Forms plugin. Attackers can trick authenticated administrators into executing malicious actions, potentially injecting arbitrary web scripts. Sites running the plugin version 2.1.1 or earlier are affected.

💻 Affected Systems

Products:
  • Easy Registration Forms WordPress Plugin
Versions: Up to and including 2.1.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress installation with the vulnerable plugin active. The attack requires tricking an authenticated user into submitting a forged request.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site takeover through script injection leading to data theft, defacement, or malware distribution.

🟠 Likely Case

Unauthorized form creation/modification, script injection in forms, or administrative actions performed without consent.

🟢 If Mitigated

No impact if proper CSRF protections are implemented or the plugin is updated/disabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick authenticated users. CSRF attacks are well-understood and tools exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.2 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/2608228/easy-registration-forms

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Easy Registration Forms'.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress repository and replace the plugin files.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the vulnerable plugin until patched.

wp plugin deactivate easy-registration-forms

Add CSRF Protection Manually

all

Add nonce validation to the ajax_add_form function in class-form.php, so that the handler rejects requests that do not carry a valid nonce for the current user.
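As an added illustration of the pattern this workaround describes (example code written for this page, not the Easy Registration Forms plugin's own code), the block below shows a WordPress AJAX handler without a nonce check next to the same handler hardened with `check_ajax_referer()` and a capability check. The function, action and option names (`erf_demo_*`, `security`) are assumptions chosen for the example.

```php
<?php
// Added example: the nonce-validation pattern for a WordPress admin-ajax handler.
// Hypothetical handler names; not the plugin's own code.

// BEFORE (vulnerable pattern, shown for contrast and not registered below):
// any request that carries a logged-in admin's cookies is accepted, so a
// cross-site form post can create a form on the admin's behalf.
function erf_demo_ajax_add_form_vulnerable() {
    $title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $form_id = erf_demo_store_form( $title );
    wp_send_json_success( array( 'form_id' => $form_id ) );
}

// AFTER (hardened): verify a nonce bound to this action and the current user,
// then confirm the user actually holds the capability for the operation.
function erf_demo_ajax_add_form_hardened() {
    // check_ajax_referer() ends the request with HTTP 403 when the "security"
    // field is missing or invalid; a forged cross-site request cannot obtain a
    // valid nonce for the victim's session, so it never reaches the code below.
    check_ajax_referer( 'erf_demo_add_form', 'security' );

    // A nonce proves intent, not authorisation: still check the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    $title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $form_id = erf_demo_store_form( $title );
    wp_send_json_success( array( 'form_id' => $form_id ) );
}

// Placeholder persistence (assumed option name) so the example is self-contained.
function erf_demo_store_form( $title ) {
    $forms   = get_option( 'erf_demo_forms', array() );
    $forms[] = array( 'title' => $title );
    update_option( 'erf_demo_forms', $forms );
    return count( $forms );
}

// Register only the hardened handler, and only for logged-in users (wp_ajax_
// prefix); an admin-only operation gets no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_erf_demo_add_form', 'erf_demo_ajax_add_form_hardened' );

// Hand the matching nonce to the admin page's script so the legitimate front
// end can send it as the "security" POST field alongside "action".
add_action( 'admin_enqueue_scripts', function () {
    wp_register_script( 'erf-demo-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'erf-demo-admin', 'erfDemo', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'erf_demo_add_form' ),
    ) );
    wp_enqueue_script( 'erf-demo-admin' );
} );
```

The front-end script (assumed `admin.js`, not shown) posts `action=erf_demo_add_form` and `security=<nonce>` to `erfDemo.ajaxUrl`; the nonce is tied to the logged-in user and rotates on a 12-to-24-hour schedule, which is why a page on another origin cannot supply one.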

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers
  • Use web application firewall with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins. Version 2.1.1 or earlier is vulnerable.

Check Version:

wp plugin get easy-registration-forms --field=version

Verify Fix Applied:

Verify plugin version is 2.1.2 or later. Check that nonce validation exists in includes/class-form.php around line 256.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to admin-ajax.php with action=ajax_add_form
  • Multiple form creation/modification events from single user session

Network Indicators:

  • CSRF attack patterns in web traffic
  • Unexpected cross-origin requests to WordPress admin endpoints

SIEM Query:

source="wordpress.log" AND ("ajax_add_form" OR "admin-ajax.php") AND status=200
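To make the log indicators above concrete, here is an added PHP example (not part of the original advisory) that scans constructed access-log lines for successful POSTs to admin-ajax.php with action=ajax_add_form whose Referer is missing or points at a host other than the site itself. The hostname `example-site.test`, the IP addresses and the log lines are all constructed for the example. Two caveats a practitioner should keep in mind: browsers may omit Referer for privacy reasons, so a hit is a triage signal rather than proof of CSRF, and callers of admin-ajax.php usually send `action` in the POST body, which access logs do not record, so real detection of that case needs a WAF or application-level log.

```php
<?php
// Added example: flag cross-origin admin-ajax form-creation requests.
// All log lines below are constructed for this example, not real traffic.

$erf_demo_site_host = 'example-site.test'; // assumed site hostname

// Combined log format; action= is shown in the query string for visibility.
$erf_demo_log = <<<'LOG'
203.0.113.10 - - [12/Oct/2021:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=ajax_add_form HTTP/1.1" 200 512 "https://example-site.test/wp-admin/admin.php?page=erf" "Mozilla/5.0"
203.0.113.10 - - [12/Oct/2021:10:05:44 +0000] "POST /wp-admin/admin-ajax.php?action=ajax_add_form HTTP/1.1" 200 512 "https://attacker.invalid/lure.html" "Mozilla/5.0"
203.0.113.10 - - [12/Oct/2021:10:06:01 +0000] "POST /wp-admin/admin-ajax.php?action=ajax_add_form HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Oct/2021:10:07:30 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "https://example-site.test/wp-admin/" "Mozilla/5.0"
LOG;

/**
 * Parse one combined-format line into its fields, or return null if it
 * does not match the expected layout.
 */
function erf_demo_parse_line( string $line ): ?array {
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';
    if ( ! preg_match( $re, $line, $m ) ) {
        return null;
    }
    $query = parse_url( $m[4], PHP_URL_QUERY ) ?? '';
    parse_str( $query, $params );
    return array(
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => (string) parse_url( $m[4], PHP_URL_PATH ),
        'status'  => (int) $m[5],
        'referer' => $m[6],
        'action'  => $params['action'] ?? '',
    );
}

/**
 * Return the entries matching the advisory's indicator: a successful POST to
 * admin-ajax.php with action=ajax_add_form whose Referer is absent ("-") or
 * from a host other than the site itself.
 */
function erf_demo_find_suspicious( string $log, string $site_host ): array {
    $hits = array();
    foreach ( preg_split( '/\R/', trim( $log ) ) as $line ) {
        $r = erf_demo_parse_line( $line );
        if ( $r === null || $r['method'] !== 'POST' || $r['status'] !== 200 ) {
            continue;
        }
        if ( substr( $r['path'], -strlen( '/admin-ajax.php' ) ) !== '/admin-ajax.php'
            || $r['action'] !== 'ajax_add_form' ) {
            continue;
        }
        $ref_host = $r['referer'] === '-' ? '' : (string) parse_url( $r['referer'], PHP_URL_HOST );
        if ( $ref_host !== $site_host ) {
            $hits[] = array( 'time' => $r['time'], 'ip' => $r['ip'], 'referer' => $r['referer'] );
        }
    }
    return $hits;
}

// With the constructed input, lines 2 and 3 are reported; line 1 has a
// same-site Referer and line 4 is a GET for a different action.
foreach ( erf_demo_find_suspicious( $erf_demo_log, $erf_demo_site_host ) as $hit ) {
    printf( "%s %s referer=%s\n", $hit['time'], $hit['ip'], $hit['referer'] );
}
```

The same logic expressed against a SIEM would add a Referer (or Origin) host condition to the query already given above, so that ordinary same-site form creation by administrators does not flood the alert.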

🔗 References