Integration for Billingo & Gravity Forms by Viszt Péter <= 1.0.3 - CSRF
LANACOMMONVDB ID: 4893be10-0a1d-4c74-9937-db4304c6e6c9
The plugin is lacking Cross-Site Request Forgery (CSRF) check in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-09-07
- Published
- 2022-09-14
- Affected Version
- <= 1.0.3
Classification
- Type
- Cross-Site Request Forgery (CSRF)
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
