CVE-2023-2326: Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF
First published: Tue Jun 27 2023(Updated: )
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gsheetconnector for Forminator Forms WordPress | <1.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-2326?
CVE-2023-2326 has a high severity rating due to the potential for unauthorized access code changes.
How do I fix CVE-2023-2326?
To fix CVE-2023-2326, update the Gravity Forms Google Sheets Connector plugin to version 1.3.5 or later.
What are the consequences of CVE-2023-2326?
The consequences of CVE-2023-2326 include possible unauthorized modifications to access codes, which could compromise data security.
Who is affected by CVE-2023-2326?
CVE-2023-2326 affects users of the Gravity Forms Google Sheets Connector plugin versions prior to 1.3.5.
What type of vulnerability is CVE-2023-2326?
CVE-2023-2326 is a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthorized access code changes.
- agent/type
- agent/softwarecombine
- agent/references
- agent/title
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gsheetconnector
- canonical/gsheetconnector for forminator forms wordpress