From cb783ce633c82e5370ea02279f379f0097770839 Mon Sep 17 00:00:00 2001
From: Bastian Germann <bgermann@users.noreply.github.com>
Date: Sun, 5 Mar 2023 19:09:57 +0100
Subject: [PATCH] version 15.0.5

---
 cforms.php | 4 ++--
 readme.txt | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/cforms.php b/cforms.php
index a9accc1..c8895d4 100644
--- a/cforms.php
+++ b/cforms.php
@@ -20,12 +20,12 @@
  * Plugin URI: https://wordpress.org/plugins/cforms2/
  * Description: cformsII is a customizable, flexible and powerful form plugin including simple spam protection, multi-step forms, role manager support and custom themes.
  * Author: Oliver Seidel, Bastian Germann
- * Version: 15.0.4
+ * Version: 15.0.5
  * Text Domain: cforms2
  */
 namespace Cforms2;
 
-define('CFORMS2_VERSION', '15.0.4');
+define('CFORMS2_VERSION', '15.0.5');
 
 // Debug message handling.
 if (!defined('WP_DEBUG_CFORMS2')) {
diff --git a/readme.txt b/readme.txt
index 4e01c25..6ba664e 100644
--- a/readme.txt
+++ b/readme.txt
@@ -17,7 +17,7 @@ Oliver, the original author, discontinued developing the plugin. This fork is an
 
 If you want to use plugin versions older than 14.6.3, you should rename the directory containing the plugin from "cforms2" to "cforms". But bear in mind that old versions should not be used in public systems, because they contain [known serious vulnerabilities](https://wpvulndb.com/plugins/cforms) that are exploited in the wild.
 
-The [current security baseline version](https://wpvulndb.com/plugins/cforms2) is 15.0.3.
+The [current security baseline version](https://wpvulndb.com/plugins/cforms2) is 15.0.5.
 
 
 == Related Plugins ==
@@ -111,12 +111,16 @@ cformsII can be extended via WordPress actions and filters. You find their 'cfor
 
 == Upgrade Notice ==
 
-= 15.0.4 =
+= 15.0.5 =
 The tracking database feature and its view are removed with cformsII 15.0+. Your data still exists in the database. Please have a look at CFDB plugin as a replacement.
 
 
 == Changelog ==
 
+= 15.0.5 =
+
+* Fix CSRF by introducing nonces to admin forms (CVE-2023-25449)
+
 = 15.0.4 =
 
 * enhanced: make session extension optional