Fast & Fancy Filter – 3F WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Fast & Fancy Filter – 3F WordPress plugin, affecting versions through 1.2.2. The vulnerability arises from a lack of nonce verification in the 'saveFields' function, which processes the 'fff_save_settins' AJAX action. This omission allows unauthenticated attackers to manipulate plugin filter settings, alter arbitrary options, or create new filter posts by sending a forged request, provided they can deceive a site administrator into clicking a link.
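One way to close the gap described above, shown as an added example rather than the plugin's own code: the handler for the 'fff_save_settins' action verifies a nonce and the caller's capability, and limits writes to an allowlist of options. The function name, nonce action, request keys and option names are assumptions made for illustration.

```php
<?php
// Added example: hardened handler for the 'fff_save_settins' AJAX action.
// Assumed names (not from the plugin): fff_example_save_fields, the nonce
// action 'fff_save_settings_nonce', the 'nonce' and 'fields' request keys,
// and the option names in the allowlist.

add_action( 'wp_ajax_fff_save_settins', 'fff_example_save_fields' );

function fff_example_save_fields() {
    // 1. Reject requests without a valid nonce. A forged cross-site request
    //    carries the admin's cookies but cannot know this per-user token.
    if ( ! check_ajax_referer( 'fff_save_settings_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // 2. A nonce is not an authorization check; confirm the capability too.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Only write options the plugin owns, so the handler cannot be used
    //    to alter arbitrary options.
    $allowed = array( 'fff_example_layout', 'fff_example_per_page' );
    $fields  = isset( $_POST['fields'] ) && is_array( $_POST['fields'] )
        ? wp_unslash( $_POST['fields'] )
        : array();

    $saved = array();
    foreach ( $fields as $name => $value ) {
        $name = sanitize_key( $name );
        if ( ! in_array( $name, $allowed, true ) || ! is_scalar( $value ) ) {
            continue;
        }
        update_option( $name, sanitize_text_field( $value ) );
        $saved[] = $name;
    }

    wp_send_json_success( array( 'saved' => $saved ) );
}

// The settings page must hand the token to its own JavaScript, which sends it
// back as the 'nonce' field, e.g. via wp_localize_script():
//   'nonce' => wp_create_nonce( 'fff_save_settings_nonce' )
```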
Impact
Exploitation of this vulnerability could lead to unauthorized modifications of plugin settings and the creation of new filter posts.
