VYPR
Unrated severityNVD Advisory· Published Mar 18, 2021· Updated Aug 3, 2024

ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings

CVE-2021-24133

Description

Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker's account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.