Lucene search
K

WordPress Google Analyticator 6.4.9.3 CSRF

🗓️ 20 Jun 2015 00:00:00Reported by Nitin VenkateshType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 46 Views

Cross-Site Request Forgery in Google Analyticator Wordpress Plugin v6.4.9.3 before rev @1183563 allows CSRF exploitation disrupting plugin functionalit

Code
`# Title: Cross-Site Request Forgery in Google Analyticator Wordpress Plugin  
v6.4.9.3 before rev @1183563  
# Submitter: Nitin Venkatesh  
# Product: Google Analyticator Wordpress Plugin  
# Product URL: https://wordpress.org/plugins/google-analyticator/  
# Vulnerability Type: Cross-Site Request Forgery [CWE-352]  
# Affected Versions: v6.4.9.3 before rev @1183563 and possibly earlier  
# Tested versions: v6.4.9.3 rev @1168849  
# Fixed Version: v6.4.9.3 rev @1183563  
# Link to code diff: https://plugins.trac.wordpress.org/changeset/1183563/  
# CVE Status: None/Unassigned/Fresh  
  
## Product Information:  
  
Google Analyticator makes it super easy to view Google Analytics within  
your WordPress dashboard. This eliminates the need to edit your template  
code to begin logging. Google Analyticator also includes several widgets  
for displaying Analytics data in the admin and on your blog.  
  
One of the most popular WordPress plugins for Google Analytics! Over 3.5+  
million downloads.  
  
## Vulnerability Description:  
  
The administrative actions allowed by the plugin can be exploited using  
CSRF which could be used to disrupt the functionality provided by the  
plugin.  
  
## Proof-of-Concept:  
  
http://localhost/wp-admin/options-general.php?page=google-analyticator.php&pageaction=ga_clear_cache  
  
http://localhost/wp-admin/options-general.php?page=ga_reset  
  
## Solution:  
  
Upgrade to v6.4.9.3 rev @1183563  
  
## Disclosure Timeline:  
  
2015-05-30 - Contacted developer via forums.  
2015-06-02 - Vulnerability details submitted on the forums on developer's  
request -  
https://wordpress.org/support/topic/discovered-security-vulnerabilities-1  
2015-06-13 - Re-contacted developer on the forums.  
2015-06-18 - Update released.  
2015-06-19 - Publishing to Full Disclosure mailing list  
  
## Disclaimer:  
  
This disclosure is purely meant for educational purposes. I will in no way  
be responsible as to how the information in this disclosure is used.  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation