Lucene search
WpvulndbWPEX-ID:6C2E9ACE-8FB4-426A-82FA-BB8B6F7D6FB8HistoryJun 02, 2023 - 12:00 a.m.
CRM and Lead Management by vcita <= 2.7.1 - Settings Update Via CSRF
2023-06-0200:00:00
wpvulndb
51
vcita
crm
lead management
csrf
vulnerability
exploit
0.001 Low
EPSS
Percentile
44.7%
The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a user with the contributor role or higher to click a link. The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin’s settings, and on older versions (<= 2.7.0), inject arbitrary web-scripts, by tricking a logged in user with the contributor role or higher to click a link.
https://example.com/wp-admin/admin.php?page=crm-customer-relationship-management-by-vcita/vcita-callback.php&success=true&first_name=a-a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script>&uid=a”</script><script>alert(2);</script>Related
cve
cve
CVE-2023-2405
2023-06-03 05:15:09
nvd
nvd
CVE-2023-2405
2023-06-03 05:15:09
wpvulndb
wpvulndb
CRM and Lead Management by vcita <= 2.7.1 - Settings Update Via CSRF
2023-06-02 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-06-03 05:15:00
cvelist
cvelist
CVE-2023-2405
2023-06-03 04:35:11
wordfence
wordfence