Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormTom AdamsPACKETSTORM:127024
HistoryJun 10, 2014 - 12:00 a.m.

WordPress Member Approval Cross Site Request Forgery

2014-06-1000:00:00
Tom Adams
packetstormsecurity.com
22

0.002 Low

EPSS

Percentile

52.2%

JSON
`Details  
================  
Software: Member Approval  
Version: 131109  
Homepage: http://wordpress.org/plugins/member-approval/  
Advisory ID: dxw-1970-1172  
CVE: CVE-2014-3850  
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)  
  
Description  
================  
CSRF in Member Approval 131109 permits unapproved registrations  
  
Vulnerability  
================  
By convincing a logged-in administrator to visit a link of an attacker’s choosing an attacker can reset the plugin’s options to the defaults, meaning that registrations will become open to everybody without requiring approval.  
  
Proof of concept  
================  
By clicking the submit button here, an admin will reset the plugin to the defaults (with some slight modifications there may be a stored XSS here too, but I did not investigate further):  
<form method=\"post\" action=\"http://localhost/wp-admin/options-general.php?page=member-approval\">  
<input type=\"submit\">  
</form>  
  
Note: no admin action is necessary assuming the attacker can persuade an admin to visit a page under their control, as the form can be submitted using Javascript.  
  
Mitigations  
================  
Disable the plugin until a fix is available.  
  
Disclosure policy  
================  
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/  
  
Please contact us on [email protected] to acknowledge this report if you received it via a third party (for example, [email protected]) as they generally cannot communicate with us on your behalf.  
  
This vulnerability will be published if we do not receive a response to this report with 14 days.  
  
Timeline  
================  
  
2014-04-08: Discovered  
2014-04-10: Reported to [email protected]  
2014-06-10: No response from author. Published.  
  
Discovered by dxw:  
================  
Tom Adams  
=======  
  
Discovered by dxw:  
================  
Tom Adams  
  
Please visit security.dxw.com for more information.  
  
  
  
  
`

Related

cve 1
wpvulndb 1
patchstack 1
prion 1
cvelist 1
nvd 1
cve
cve
CVE-2014-3850
2014-06-11 14:55:08
wpvulndb
wpvulndb
Member Approval 131109 - wp-admin/options-general.php Option Manipulation CSRF
2014-08-01 10:59:15
patchstack
patchstack
WordPress Member Approval Plugin <= 131109 - CSRF
2014-05-23 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-06-11 14:55:00
cvelist
cvelist
CVE-2014-3850
2014-06-11 14:00:00
nvd
nvd
CVE-2014-3850
2014-06-11 14:55:08

0.002 Low

EPSS

Percentile

52.2%

JSON
Related for PACKETSTORM:127024
cve1wpvulndb1patchstack1prion1cvelist1nvd1