CVE-2023-2330

Published: Jul 17, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

Affected (1)

Products: Gsheetconnector: Caldera Forms Google Sheets Connector

Gsheetconnector

1 product

Caldera Forms Google Sheets Connector

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gsheetconnector Caldera Forms Google Sheets Connector	Up to 1.2

References (2)

https://wpscan.com/vulnerability/fa8ccdd0-7b23-4b12-9aa9-4b29d47256b8

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/fa8ccdd0-7b23-4b12-9aa9-4b29d47256b8

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.