Cross-Site Request Forgery in Apptivo Business Site CRM Plugin for WordPress
CVE-2024-13405
4.3 MEDIUM
Summary
The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 5.3 because the request handler behind the 'awp_ip_deny' admin page does not properly validate a nonce. An unauthenticated attacker can craft a request that adds IP addresses to the plugin's deny list and have it executed with an administrator's privileges by tricking the administrator into performing an action such as clicking a link while logged in to the site. The impact is limited to unauthorized IP blocking (integrity: low, no confidentiality or availability impact), which is why the CVSS score is 4.3 MEDIUM. Site administrators running an affected version should upgrade to a release newer than 5.3.
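The following is an added illustrative example, not code from the Apptivo Business Site CRM plugin. It shows the class of bug described above in a hypothetical WordPress admin handler: the vulnerable version trusts any POST arriving with an administrator's session cookies, so an attacker-controlled page that auto-submits a form to the admin URL gets an arbitrary IP blocked; the hardened version requires a capability check and a nonce bound to the action and the current user. The function names, option name, form field names and nonce action are assumptions chosen for the example.

```php
<?php
// Added example, not the plugin's own code. All names below are hypothetical.

// --- Vulnerable pattern ---------------------------------------------------
// No nonce and no capability check: the request is implicitly trusted because
// the browser that sends it is logged in. A cross-site form submission from an
// attacker's page carries the administrator's cookies, so this handler adds
// whatever IP the attacker chose.
function example_ip_deny_handler_vulnerable() {
    if ( ! isset( $_POST['deny_ip'] ) ) {
        return;
    }
    $ip     = sanitize_text_field( wp_unslash( $_POST['deny_ip'] ) );
    $list   = (array) get_option( 'example_ip_deny_list', array() );
    $list[] = $ip;
    update_option( 'example_ip_deny_list', array_values( array_unique( $list ) ) );
}

// --- Hardened pattern -----------------------------------------------------
// The form embeds a nonce tied to the action 'example_ip_deny_action'
// (hypothetical) and to the logged-in user; an attacker's page cannot
// obtain or guess this value.
function example_ip_deny_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_ip_deny_action', 'example_ip_deny_nonce' ); ?>
        <label for="deny_ip">IP address to block</label>
        <input type="text" id="deny_ip" name="deny_ip" />
        <?php submit_button( 'Block IP' ); ?>
    </form>
    <?php
}

function example_ip_deny_handler_hardened() {
    if ( ! isset( $_POST['deny_ip'] ) ) {
        return;
    }
    // 1. Authorization: the actor must be allowed to change site settings.
    //    (A nonce is not an authorization check; both are needed.)
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    // 2. CSRF protection: the request must carry a valid nonce for this
    //    action. check_admin_referer() calls wp_die() if the nonce field is
    //    missing, expired or was issued for a different action or user.
    check_admin_referer( 'example_ip_deny_action', 'example_ip_deny_nonce' );

    // 3. Input validation before the value is stored.
    $ip = sanitize_text_field( wp_unslash( $_POST['deny_ip'] ) );
    if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        wp_die( 'Invalid IP address.' );
    }
    $list   = (array) get_option( 'example_ip_deny_list', array() );
    $list[] = $ip;
    update_option( 'example_ip_deny_list', array_values( array_unique( $list ) ) );
}
```

When reviewing a plugin for this bug class, look for every state-changing handler reachable from an admin page (form POSTs, `admin-post.php` and `admin-ajax.php` actions, settings pages) and confirm that each one calls `check_admin_referer()` or `wp_verify_nonce()` on a nonce emitted by `wp_nonce_field()` or `wp_create_nonce()`, and that the nonce check is paired with a `current_user_can()` capability check rather than substituting for it.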
Affected Version(s)
Apptivo Business Site CRM: all versions up to and including 5.3 (* <= 5.3)
CVSS V3.1
Score: 4.3 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SOPROBRO