Unrated severityNVD Advisory· Published Mar 18, 2021· Updated Aug 3, 2024
ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings
CVE-2021-24133
Description
Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/ActiveCampaigndescription
- Range: <8.0.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/a72a5be4-654b-496f-94cd-3814c0e40120mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.