Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24133
HistoryMar 18, 2021 - 2:57 p.m.

CVE-2021-24133 ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings

2021-03-1814:57:49
CWE-352
WPScan
www.cve.org

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.4%

Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker’s account.

CNA Affected

[
  {
    "product": "ActiveCampaign",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "8.0.2",
        "status": "affected",
        "version": "8.0.2",
        "versionType": "custom"
      }
    ]
  }
]

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.4%

Related for CVELIST:CVE-2021-24133