| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2014-3850 | 11 Jun 2014 14:00 | – | cve |
| CVE-2014-3850 | 11 Jun 2014 14:00 | – | cvelist |
| EUVD-2014-3787 | 7 Oct 2025 00:30 | – | euvd |
| CVE-2014-3850 | 11 Jun 2014 14:55 | – | nvd |
| WordPress Member Approval Plugin <= 131109 - CSRF | 23 May 2014 00:00 | – | patchstack |
| Cross site request forgery (csrf) | 11 Jun 2014 14:55 | – | prion |
| Member Approval 131109 - wp-admin/options-general.php Option Manipulation CSRF | 1 Aug 2014 10:59 | – | wpvulndb |
Details
================
Software: Member Approval
Version: 131109
Homepage: http://wordpress.org/plugins/member-approval/
Advisory ID: dxw-1970-1172
CVE: CVE-2014-3850
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
CSRF in Member Approval 131109 permits unapproved registrations
Vulnerability
================
By convincing a logged-in administrator to visit a link of an attacker’s choosing an attacker can reset the plugin’s options to the defaults, meaning that registrations will become open to everybody without requiring approval.
Proof of concept
================
By clicking the submit button here, an admin will reset the plugin to the defaults (with some slight modifications there may be a stored XSS here too, but I did not investigate further):
<form method="post" action="http://localhost/wp-admin/options-general.php?page=member-approval">
<input type="submit">
</form>
Note: no admin action is necessary assuming the attacker can persuade an admin to visit a page under their control, as the form can be submitted using Javascript.
Mitigations
================
Disable the plugin until a fix is available.
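To show what the missing check looks like on the receiving side, here is an added illustration in PHP (not the Member Approval plugin's own code; the option key, function names and default values are assumed): a WordPress settings-page handler in the shape the advisory describes, followed by the nonce-protected form and handler that reject a forged cross-site POST.

```php
<?php
// Added illustration, not the plugin's code. All names below are hypothetical.

// VULNERABLE pattern: a POST to options-general.php?page=member-approval is
// acted on as soon as an administrator's session cookies arrive with it.
function ma_handle_settings_post_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return; // authorization alone does not help: the admin's own browser
    }           // submits the attacker's form, cookies included
    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // No nonce check, so any cross-site form submit reaches this line.
        update_option( 'ma_settings', ma_default_settings() );
    }
}

// HARDENED pattern: the plugin's own form carries a per-user, per-action
// nonce, and the handler refuses any POST that does not present a valid one.
function ma_render_settings_form() {
    $action = admin_url( 'options-general.php?page=member-approval' );
    echo '<form method="post" action="' . esc_url( $action ) . '">';
    wp_nonce_field( 'ma_save_settings', 'ma_nonce' ); // hidden nonce field
    submit_button( 'Reset to defaults' );
    echo '</form>';
}

function ma_handle_settings_post_hardened() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    // check_admin_referer() verifies the nonce (and the referer) and calls
    // wp_die() on failure, so a forged POST never reaches update_option().
    check_admin_referer( 'ma_save_settings', 'ma_nonce' );
    update_option( 'ma_settings', ma_default_settings() );
}

function ma_default_settings() {
    // Constructed placeholder: the advisory states that the defaults leave
    // registration open without approval.
    return array( 'require_approval' => false );
}
```

A quick way to audit a plugin for this class of bug is to find every handler that calls update_option() on a POST and confirm a check_admin_referer() or wp_verify_nonce() call guards it.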
Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/
Please contact us on [email protected] to acknowledge this report if you received it via a third party (for example, [email protected]) as they generally cannot communicate with us on your behalf.
This vulnerability will be published if we do not receive a response to this report within 14 days.
Timeline
================
2014-04-08: Discovered
2014-04-10: Reported to [email protected]
2014-06-10: No response from author. Published.
Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.