CVE-2020-6849 – marketo-forms-and-tracking WordPress Plugin vulnerable to CSRF leading to XSS attack

The settings page for the marketo-forms-and-tracking WordPress Plugin is vulnerable to CSRF. This CSRF can be used to inject a script tag into the WordPress Admin Panel, making this attack vector an authenticated XSS attack.
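
The defensive pattern that closes this class of bug in a WordPress settings page, shown as an added example that is not the plugin's own code or its actual fix. The `example_tracking_*` names, the `account_id` field and the option key are hypothetical; the WordPress functions are real core APIs.

```php
<?php
// Added example: hypothetical settings page for a plugin. The names
// example_tracking_* are assumptions, not the Marketo plugin's identifiers.

add_action('admin_menu', function () {
    add_options_page('Example Tracking', 'Example Tracking', 'manage_options',
        'example-tracking', 'example_tracking_render_settings');
});

// State-changing requests go through admin-post.php and this handler.
add_action('admin_post_example_tracking_save', 'example_tracking_save_settings');

function example_tracking_save_settings() {
    // Capability check: only administrators may change the setting.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.', '', array('response' => 403));
    }
    // CSRF check: dies unless the request carries a valid nonce for this action,
    // so a form auto-submitted from another origin is rejected.
    check_admin_referer('example_tracking_save', 'example_tracking_nonce');

    // Input handling: strip tags and control characters before storing.
    $account_id = isset($_POST['account_id'])
        ? sanitize_text_field(wp_unslash($_POST['account_id']))
        : '';
    update_option('example_tracking_account_id', $account_id);

    wp_safe_redirect(admin_url('options-general.php?page=example-tracking'));
    exit;
}

function example_tracking_render_settings() {
    $account_id = get_option('example_tracking_account_id', '');
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="example_tracking_save">
        <?php wp_nonce_field('example_tracking_save', 'example_tracking_nonce'); ?>
        <!-- Output escaping: a stored value cannot break out of the attribute. -->
        <input type="text" name="account_id" value="<?php echo esc_attr($account_id); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce check stops the cross-site request, while sanitizing on save and escaping on output each independently stop a stored script tag from rendering in the admin panel.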

Proof of Concept example:
