Lumension® Endpoint Intelligence Center



Vulnerability Score 6.8
CVE Id CVE-2015-2039
Last Modified 23 Feb 2015 02:11:56
Published 20 Feb 2015 11:59:08
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobot_token parameter in the acobot page to wp-admin/options-general.php.

Vulnerable Systems


  • Acobot Live Chat & Contact Form Project Acobot Live Chat & Contact Form 2.0


XF - wp-acobot-csrf(100814)

XF - wp-acobot-xss(100813)


Last Updated: 27 May 2016 11:07:54