CVE-2023-2326: Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF

0.0 CVSS

Description

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

Classification

CVE ID: CVE-2023-2326

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Unknown

Product: Gravity Forms Google Sheet Connector

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 31.46% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://wpscan.com/vulnerability/f922695a-b803-4edf-aadc-80c79d99bebb

Timeline

2024-11-28 00:10:55 UTC
CVE

Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF