CVE-2023-2303: vcita-callback.php in lead-capturing-call-to-actions-by-vcita/trunk – WordPress Plugin Repository
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. The listing below is that file as it sits in the repository; it has not changed since it was added with version 1.0.0.
Last change on this file was 1136164, checked in by , 8 years ago
Adding version 1.0.0
- Property svn:executable set to *
File size: 905 bytes
```php
<?php
// No nonce check (wp_verify_nonce()/check_admin_referer()) and no capability
// check precede this block: every value below comes straight from $_GET, so any
// request that reaches this file, forged or not, runs the whole flow.
$success = $_GET['success'];
$uid = $_GET['uid'];
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
$title = $_GET['title'];
$confirmation_token = $_GET['confirmation_token'];
$confirmed = $_GET['confirmed'];
$engage_delay = $_GET['engage_delay'];
$implementation_key = $_GET['implementation_key'];
$email = $_GET['email'];
$confirmed = 'true';

// Existing plugin state is wiped and replaced with the request-supplied values.
vcita_uninstall();
vcita_clean_expert_data();
vcita_parse_expert_data(compact(
    'success',
    'uid',
    'first_name',
    'last_name',
    'email',
    'title',
    'confirmation_token',
    'confirmed',
    'engage_delay',
    'implementation_key',
    'confirmed' // listed twice; compact() simply returns the key once
));

vcita_set_contact_page();

// $redirectURL is built only from get_admin_url() and a plugin constant,
// not from request input.
$redirectURL = get_admin_url('', '', 'admin').'admin.php?page='.
    VCITA_WIDGET_UNIQUE_ID.'/vcita-settings-functions.php';
?>
<script type="text/javascript">
window.location = "<?php echo($redirectURL) ?>";
</script>
```
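The fix the advisory calls for is a nonce round trip plus a capability check before any state is touched. The following is an added example of what that looks like for this flow; it is not the plugin's own patch. The functions vcita_uninstall(), vcita_clean_expert_data(), vcita_parse_expert_data(), vcita_set_contact_page() and the constant VCITA_WIDGET_UNIQUE_ID are taken from the listing above; the nonce action name 'vcita_callback', the `_wpnonce` parameter, the two `vcita_example_*` function names and the `admin_init` wiring are assumptions made for illustration.

```php
<?php
// Added editorial example, not code from the vcita plugin. Assumes a WordPress
// runtime (wp_nonce_url, wp_verify_nonce, current_user_can, sanitize_* and
// wp_safe_redirect are the real WordPress APIs). The 'vcita_callback' nonce
// action, the vcita_example_* names and the admin_init hook are assumptions.

// 1. Where the plugin builds the link that sends the administrator off to
//    vcita, attach a nonce to the return URL. wp_nonce_url() appends _wpnonce,
//    so when vcita redirects the admin back, the request carries proof that
//    this admin's session started the flow. A forged link cannot include it.
function vcita_example_return_url() {
    $return = admin_url( 'admin.php?page=' . VCITA_WIDGET_UNIQUE_ID . '/vcita-callback.php' );
    return wp_nonce_url( $return, 'vcita_callback' );
}

// 2. The callback handler. Every check runs before any state is modified.
function vcita_example_handle_callback() {
    // Only act on the callback page; admin_init fires on every admin request.
    if ( ! isset( $_GET['page'] )
        || $_GET['page'] !== VCITA_WIDGET_UNIQUE_ID . '/vcita-callback.php' ) {
        return;
    }

    // Capability check: an anonymous or low-privilege visitor gets nothing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Nonce check: this is what the original file lacks. Without a valid
    // _wpnonce for 'vcita_callback', vcita_uninstall() and friends never run.
    $nonce = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'vcita_callback' ) ) {
        wp_die( 'Invalid or expired request.', '', array( 'response' => 403 ) );
    }

    // Read only the expected fields, sanitized, instead of raw $_GET values.
    $fields = array(
        'success', 'uid', 'first_name', 'last_name', 'email', 'title',
        'confirmation_token', 'confirmed', 'engage_delay', 'implementation_key',
    );
    $data = array();
    foreach ( $fields as $f ) {
        $data[ $f ] = isset( $_GET[ $f ] ) ? sanitize_text_field( wp_unslash( $_GET[ $f ] ) ) : '';
    }
    $data['email']     = sanitize_email( $data['email'] );
    $data['confirmed'] = 'true'; // the original overrides this unconditionally as well

    vcita_uninstall();
    vcita_clean_expert_data();
    vcita_parse_expert_data( $data );
    vcita_set_contact_page();

    // Server-side redirect instead of echoing a URL into an inline <script>.
    wp_safe_redirect( admin_url( 'admin.php?page=' . VCITA_WIDGET_UNIQUE_ID . '/vcita-settings-functions.php' ) );
    exit;
}
add_action( 'admin_init', 'vcita_example_handle_callback' );
```

Two caveats a practitioner should keep in mind. The nonce is deliberately handed to vcita as part of the return URL, so it is visible to that third party; that is acceptable because vcita is the intended recipient, but the nonce must not be reused for any other privileged action. WordPress nonces also expire (by default they are valid for between 12 and 24 hours), so a flow that can legitimately take longer than that needs its own one-time state token stored server-side rather than a stock nonce.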
Related news
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and the Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.