WordPress and WordPress plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in the WordPress Remove Footer Credit plugin, which stems from th...
WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF
The plugin does not have a CSRF check when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack https://example.com/wp-admin/options-general.php?page=wp-piwik%2Fclasses%2FWPPiwik.php&clear=2...
WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF
The plugin does not have a CSRF check when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack PoC https://example.com/wp-admin/options-general.php?page=wp-piwik%2Fclasses%2FWPPiwik.php=2...
Improper Authorization in librenms/librenms
Description LibreNMS v22.1.0 allows users with the normal role/level to interact with the plugin settings, so such users can take actions such as switching any installed plugin on or off, which is supposed to be accessible to the Administrator only. Proof of Concept Affected endpoints: 1 GET...
CVE-2021-43353
The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...
WordPress Ibtana plugin <= 1.1.4.8 - Plugin Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS)
Plugin Settings Update vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Krzysztof Zając in WordPress Ibtana plugin versions <= 1.1.4.8. Solution Update the WordPress Ibtana plugin to the latest available version (at least 1.1.4.9)...
WP Mail Logging < 1.10.0 - Outdated Redux Framework
The plugin uses an outdated version of the Redux Framework, which is known to be affected by security issues CVE-2021-38312 and CVE-2021-38314, and could allow unauthenticated attackers to change some of the Framework settings by using CVE-2021-38314. PoC The first endpoint we can identify is...
WordPress cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin that stems from The Images to WebP...
Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting
The plugin does not escape the Class Name field when adding a font, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Add a new font (Tools -- Local Fonts -- Add Font); you need to have at least one font for the 'Add...
WordPress Single Post Exporter plugin <= 1.1.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update
Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update discovered by Francesco Carlucci in WordPress Single Post Exporter plugin versions <= 1.1.1. Solution Deactivate and delete. This plugin has been closed as of September 23, 2021 and is not available for download. This...
WordPress WP Admin Logo Changer plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update
Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update discovered by apple502j in WordPress WP Admin Logo Changer plugin versions <= 1.0. Solution Deactivate and delete. This plugin has been closed as of October 4, 2021 and is not available for download. This closure is...
WordPress cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress Far Future Expiry Header plugin is vulnerable to cross-site request forgery, which stems from the lack of a vali...
CVE-2021-24690 Chained Quiz < 1.2.7.2 - Authenticated Stored Cross Site Scripting
The Chained Quiz WordPress plugin before 1.2.7.2 does not properly sanitize or escape inputs in the plugin's settings...
Two Way Chat < 3.1.5 - Multiple CSRF
The plugin does not have CSRF checks in place in some of its functions, allowing an attacker to make a logged-in admin perform unwanted actions, such as updating the plugin's settings. PoC...
Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF
The plugin does not have a CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. csrf.submit...
PT-2021-21375 · WordPress · Agca - Absolutely Glamorous Custom Admin
Name of the Vulnerable Software and Affected Versions: AGCA - Absolutely Glamorous Custom Admin WordPress plugin versions n/a through 6.8 Description: The issue affects the AGCA - Absolutely Glamorous Custom Admin WordPress plugin, allowing Stored XSS due to improper neutralization of input durin...
WordPress Price Commander for WooCommerce plugin <= 1.2.1 - Multiple vulnerabilities
Multiple vulnerabilities (Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export) were discovered by Jerome Bruandet (NinTechNet) in WordPress Price Commander for WooCommerce plugin versions <= 1.2....
WordPress Warranties and Returns for WooCommerce plugin <= 5.2.1 - Multiple vulnerabilities
Multiple vulnerabilities (Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export) were discovered by Jerome Bruandet (NinTechNet) in WordPress Warranties and Returns for WooCommerce plugin versions...
WordPress Live Search for WooCommerce plugin <= 1.3.1 - Multiple vulnerabilities
Multiple vulnerabilities (Authenticated Arbitrary WordPress Options Change, Read and Deletion / Authenticated User Enumeration / Authenticated Plugin Settings Change, Import and Export) were discovered by Jerome Bruandet (NinTechNet) in WordPress Live Search for WooCommerce plugin versions <= 1.3.1...
Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change
Multiple plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated user, such as a Subscriber, to change the plugin's configuration. 1 Turn off "Turn On Catch Themes & Catch Plugin tabs" jQuery.postajaxurl,...