ThreatPress

WordPress Vulnerabilities Database

WordPress Acobot Live Chat & Contact Form Plugin <= 2.0 - Multiple CSRF

Product
Acobot Live Chat & Contact Form
Description
These vulnerabilities allow attackers to hijack the authentication of administrators for requests that change plugin settings or conduct cross-site scripting attacks.
Solution
Upgrade the plugin.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
CVE Mitre
CVE
Name CVE-2015-2039
Versions
Affected In <= 2.0
Fixed In 2.1
Disclosure date
2015-02-20
Credits
Morten Nørtoft