ActiveCampaign for WooCommerce, 713e8176a911ed97d097df89d6b2a137b7aa90eb
- CVE, Research URL
- Home page URL
- Application
- Published on
- Dec 20, 2022
- Research Description
- ActiveCampaign for WooCommerce [activecampaign-for-woocommerce] < 1.9.8 ActiveCampaign for WooCommerce <= 1.9.7 - Cross-Site Request Forgery The ActiveCampaign plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.7. This is due to missing or incorrect nonce validation on the clear_error_logs function. This makes it possible for unauthenticated attackers to delete the plugin's error logs, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
Min -, max 1.9.8.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| ActiveCampaign for WooCommerce (CVE-2022-3923) , Jun 07, 2024 |
| ActiveCampaign for WooCommerce (713e8176a911ed97d097df89d6b2a137b7aa90eb) , Jun 07, 2024 |