Cross-Site Request Forgery and XSS Vulnerabilities in Acobot Live Chat & Contact Form for WordPress
CVE-2015-2039

Currently unrated

Key Information:

Vendor
WordPress
CVE Published:
20 February 2015

Summary

The Acobot Live Chat & Contact Form plugin for WordPress contains multiple cross-site request forgery (CSRF) vulnerabilities. With crafted requests, a remote attacker can hijack the authentication of administrators to change plugin settings without authorization or to conduct cross-site scripting (XSS) attacks through the acobot_token parameter, putting the security and integrity of affected WordPress sites at risk.

Timeline

  • Vulnerability published

  • Vulnerability reserved
