Dynamics 365 Integration by AlexaCRM

Dynamics 365 Integration by AlexaCRM <= 1.3.12 - Subscriber+ Log Level Update and Log Download

LANACOMMONVDB ID: 322427e4-8fcf-4663-9469-647e3e1b1a38

The plugin does not have authorisation check when updating log level or downloading log via an AJAX action, which could allow any authenticated users, such as subscriber to call it and update log level and download the log.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/integration-dynamics/

CVE: CVE-2023-28417

Attributes

Catgory: WordPress Plugin

Discovered: 2023-01-09

Published: 2023-03-15

Affected Version: <= 1.3.12

Classification

Type: Cross-Site Request Forgery (CSRF), Missing Authorization

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).