What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instapage Plugin instapage allows Cross Site Request Forgery. This issue affects Instapage Plugin: from n/a through <= 3.7.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
The Instapage Plugin for WordPress contains a cross-site request forgery (CSRF) vulnerability in versions up to 3.7.0. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The vulnerability requires user interaction but does not require authentication to set up the attack.
What an attacker can do
Trick a logged-in admin into performing unwanted actions on the site via a malicious webpage.
Potential impact on your site
Admins could unknowingly modify site settings, content, or plugin configuration if tricked into visiting a malicious link.
Conditions required to exploit
Admin must visit attacker's webpage while logged into WordPress; no special access required to create the attack.