5 matches found
CVE-2023-2326
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...
CVE-2023-2326
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...
CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...
CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...
CVE-2023-2326
The CVE-2023-2326 issue affects Gravity Forms Google Sheet Connector (and gsheetconnector-gravityforms-pro) WordPress plugins, where updating the Access Code lacked a CSRF check. This governance-level flaw could allow a logged-in administrator to change the Access Code to an arbitrary value via C...