AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 23.5%)
Description: The plugin uses a weak authentication token for its /wp-json/salesmanago/v1/callbackApiV3 API endpoint, allowing unauthenticated attackers to inject arbitrary content into the plugin logs.
plugins.trac.wordpress.org/changeset/2981700/salesmanago
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/salesmanago/salesmanago-324-log-injection-via-weak-authentication-token