What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress leadfox allows Cross Site Request Forgery.This issue affects Leadfox for WordPress: from n/a through <= 2.1.9.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress leadfox allows Cross Site Request Forgery.This issue affects Leadfox for WordPress: from n/a through <= 2.1.9.
Explanation of Vulnerability in Simple Terms
The Leadfox WordPress plugin through version 2.1.9 is vulnerable to cross-site request forgery (CSRF). An attacker can trick a logged-in site administrator into performing unwanted actions by crafting a malicious link or page. The vulnerability affects the plugin's administrative functions and can result in unauthorized changes to site settings or data.
What an attacker can do
Trick an admin into performing unwanted actions on the site, such as changing settings or modifying data.
Potential impact on your site
An attacker can modify plugin settings or site data without your knowledge if you click a malicious link while logged in.
Conditions required to exploit
Site admin must be logged in and visit a malicious link or page controlled by the attacker.
Key dates
External resources