wpvulndb | Nguyen Anh Tien | WPVDB-ID:A72A5BE4-654B-496F-94CD-3814C0E40120
History: Sep 06, 2020 - 12:00 a.m.

ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings

2020-09-06 00:00:00
Nguyen Anh Tien
wpscan.com
8

EPSS: 0.001 (Low), Percentile: 27.4%

The ActiveCampaign 8.0.1 plugin lacks a CSRF check on its Settings form, which could allow an attacker to make a logged-in administrator change the API credentials to the attacker’s account.
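The missing control, sketched as an added example for a generic WordPress settings form; this is not ActiveCampaign's code, and the option names, action name, nonce field name and menu slug are hypothetical. The form carries a nonce and the save handler rejects any request that lacks a valid one:

```php
<?php
// Added example: hypothetical settings page, not the plugin's own code.
// EXAMPLE_NONCE_ACTION, the option names and the menu slug are assumptions.
const EXAMPLE_NONCE_ACTION = 'example_save_api_settings';

function example_render_settings_form() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_api_settings">
        <?php
        // Emits a hidden token bound to the current user, session and action.
        wp_nonce_field( EXAMPLE_NONCE_ACTION, '_example_nonce' );
        ?>
        <input type="url" name="api_url"
               value="<?php echo esc_attr( get_option( 'example_api_url', '' ) ); ?>">
        <input type="password" name="api_key" value="" autocomplete="off">
        <?php submit_button(); ?>
    </form>
    <?php
}

function example_save_settings() {
    // Authorization: only administrators may change the API credentials.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF check: stops with a 403 response when the nonce is absent or invalid,
    // so a request triggered from a third-party page never reaches update_option().
    check_admin_referer( EXAMPLE_NONCE_ACTION, '_example_nonce' );

    $api_url = isset( $_POST['api_url'] ) ? esc_url_raw( wp_unslash( $_POST['api_url'] ) ) : '';
    $api_key = isset( $_POST['api_key'] ) ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) ) : '';

    // Never overwrite stored credentials with empty values.
    if ( '' !== $api_url && '' !== $api_key ) {
        update_option( 'example_api_url', $api_url );
        update_option( 'example_api_key', $api_key );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
    exit;
}
// admin_post_{action} fires only for logged-in users posting to admin-post.php.
add_action( 'admin_post_example_save_api_settings', 'example_save_settings' );
```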

PoC

When a logged-in administrator accesses an HTML page embedding the content below, the plugin’s settings will be changed.
