2 matches found
CVE-2023-2405
The CVE-2023-2405 entry describes a CSRF vulnerability in the WordPress plugin CRMs and Lead Management by vcita up to version 2.6.2 due to missing nonce validation in vcita-callback.php, enabling unauthenticated attackers to modify settings and inject malicious JavaScript via forged requests if ...
CVE-2023-2405 CRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...