CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant gdpr-compliant-recaptcha-for-all-forms allows Cross Site Request Forgery.This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through <= 4.1.1.
Explanation of Vulnerability in Simple Terms
This plugin contains a cross-site request forgery (CSRF) vulnerability affecting versions up to 4.1.1. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The vulnerability requires the admin to visit the attacker's page but does not expose sensitive data or cause service disruption.
What an attacker can do
Perform unwanted actions on the site by tricking an admin into visiting a malicious webpage.
Potential impact on your site
Administrators could unknowingly trigger unintended plugin configuration changes or other actions.
Conditions required to exploit
Admin must visit attacker-controlled webpage while logged into the site.
Key dates
External resources
Related vulnerabilities
