UCRM Client Signup Plugin Cross-Site Request Forgery Leading to Cross-Site Scripting Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the UCRM Client Signup Plugin versions through 1.3.4. This vulnerability can lead to Cross-Site Scripting (XSS) and potential privilege escalation if an Administrator is deceived into visiting a maliciously crafted page. It is important to note that the plugin is disabled by default.
Impact
Exploitation of this vulnerability could result in Cross-Site Scripting, allowing an attacker to inject malicious scripts that could be executed in the context of the user's browser.
Added: Jun 29, 2025, 8:19 PM
Updated: Jun 29, 2025, 8:19 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
1.7exploitability
6.4remediation
0.0relevance
0.2threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.