Inquiry Cart WordPress Plugin Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Inquiry Cart plugin for WordPress, affecting all versions through 3.4.2. The vulnerability arises from inadequate nonce verification in the 'rd_ic_settings_page' function, which processes settings form submissions. This flaw allows unauthenticated attackers to manipulate the plugin's settings by sending forged requests that could inject malicious scripts. These scripts would be stored and executed in the admin area, provided the attacker can deceive an administrator into clicking a link or performing a similar action.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the plugin's settings and the injection of malicious scripts that are executed in the admin area, potentially allowing for further exploitation or compromise of the site.

Remediation

No known patch is available for this vulnerability. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.