CVE-2023-48278 HIGH

CVE-2023-48278: WordPress WP Forms Puzzle Captcha Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to XSS

Vendor Nitin Rathod

Product WP Forms Puzzle Captcha

Weakness CWE-352 · CSRF

Published November 30, 2023

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1.

Key dates

02Disclosure timeline

November 30, 2023 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-48278

Related vulnerabilities

04Related CVE

CVE-2025-30572 WordPress Simple Rating plugin <= 1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability CVE-2025-39435 WordPress My Marginalia plugin <= 1.0.6 - CSRF to Stored XSS vulnerability CVE-2023-39989 WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2024-54226 WordPress Country Blocker plugin <= 3.2 - CSRF to Stored XSS vulnerability CVE-2024-37102 WordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability

Identifiers

CVE CVE-2023-48278

CWE CWE-352

CVSS 7.1 / HIGH

Affected versions

Vendor Nitin Rathod

Product WP Forms Puzzle Captcha

Affected ≥ n/a and ≤ 4.1