Lucene search

PRIOn knowledge basePRION:CVE-2023-2330

HistoryJul 17, 2023 - 2:15 p.m.

Cross site request forgery (csrf)

2023-07-1714:15:00

PRIOn knowledge base

www.prio-n.com

cross site request forgery

csrf

caldera forms

google sheets

connector

wordpress plugin

access code

update

admin

vulnerability

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

CPENameOperatorVersion
caldera_forms_google_sheets_connectorle1.2

CPE	Name	Operator	Version
	caldera_forms_google_sheets_connector	le	1.2

References

wpscan.com/vulnerability/fa8ccdd0-7b23-4b12-9aa9-4b29d47256b8