cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for activecampaign-for-woocommerce

Jun 07, 2024

ActiveCampaign for WooCommerce # CVE-2022-3923

CVE, Research URL

CVE-2022-3923

Date
Jan 10, 2023
Research Description
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have an authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated user, such as a subscriber, to call it and remove error logs.
Affected versions
Min -, max -.
Status
vulnerable

ActiveCampaign for WooCommerce # 713e8176a911ed97d097df89d6b2a137b7aa90eb

Date
Dec 20, 2022
Research Description
ActiveCampaign for WooCommerce [activecampaign-for-woocommerce] < 1.9.8: ActiveCampaign for WooCommerce <= 1.9.7 - Cross-Site Request Forgery
The ActiveCampaign plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.7. This is due to missing or incorrect nonce validation on the clear_error_logs function. This makes it possible for unauthenticated attackers to delete the plugin's error logs via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable