CVE-2023-2330: Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF
First published: Mon Jul 17 2023(Updated: )
The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gsheetconnector for Forminator Forms WordPress | <=1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-2330?
CVE-2023-2330 is classified as a high-severity vulnerability due to the potential for unauthorized access code changes.
How do I fix CVE-2023-2330?
To fix CVE-2023-2330, update the Caldera Forms Google Sheets Connector plugin to version 1.3 or later.
What does CVE-2023-2330 affect?
CVE-2023-2330 affects the Caldera Forms Google Sheets Connector WordPress plugin versions prior to 1.3.
What type of attack is associated with CVE-2023-2330?
CVE-2023-2330 is related to a Cross-Site Request Forgery (CSRF) attack that can change the access code.
Who is impacted by CVE-2023-2330?
Logged-in administrators of WordPress sites using the affected version of the Caldera Forms Google Sheets Connector are at risk due to CVE-2023-2330.
- collector/nvd-latest
- agent/author
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/gsheetconnector
- canonical/gsheetconnector for forminator forms wordpress
- version/gsheetconnector for forminator forms wordpress/1.2