CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF

2023-06-2713:17:25

WPScan

www.cve.org

cve-2023-2326

gravity forms

google sheet connector

wordpress

csrf

access code

security vulnerability

0.001 Low

EPSS

Percentile

25.1%

JSON

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Gravity Forms Google Sheet Connector",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "gsheetconnector-gravityforms-pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.3.5"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

wpscan.com/vulnerability/f922695a-b803-4edf-aadc-80c79d99bebb

0.001 Low

EPSS

Percentile

25.1%

JSON

Related for CVELIST:CVE-2023-2326