Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions prior to 8.0.2, on its Settings form, which could allow malicious user to make a logged-in administrator change API Credentials to attacker's account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
activecampaign activecampaign |