CSRF vulnerability in the submitDefaultEditor function

**Describe the bug**
A CSRF vulnerability in the submitDefualtEditor function was reported by [Rio Darmawan](https://www.wordfence.com/threat-intel/vulnerabilities/researchers/rio-darmawan) via [WordFence](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-1241-cross-site-request-forgery-via-submitdefaulteditor)

**Expected behavior**
A nonce field should be added to the form, and that nonce should be validated in the `formActionRoute` method, from which the `submitDefaultEditor` method is called.

**Additional context**
This vulnerability has a CVE number reserved for it, however no data was submitted to the CVE for this vulnerability at the time of this ticket being created. If / When it is, the CVE report can be found here [CVE-2023-25480](https://www.cve.org/CVERecord?id=CVE-2023-25480)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CSRF vulnerability in the submitDefaultEditor function #540

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CSRF vulnerability in the submitDefaultEditor function #540

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions