Main Vulnerability Database Vulnerabilities #VU19060

#VU19060 Cross-site request forgery in Popups, Welcome Bar, Optins and Lead Generation Plugin - Icegram

Published: July 9, 2019

Vulnerability identifier: #VU19060

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Popups, Welcome Bar, Optins and Lead Generation Plugin - Icegram

Software vendor:
icegram

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin within the save_gallery_data() AJAX method in icegram.php file. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as change plugin settings.

Remediation

Install updates from vendor's website.

External links

https://plugins.trac.wordpress.org/changeset/2119854

#VU19060 Cross-site request forgery in Popups, Welcome Bar, Optins and Lead Generation Plugin - Icegram

Description

Remediation

External links

Please verify you're human