WordPress Plugin Vulnerabilities

Woocommerce Customers Manager < 26.6 - Arbitrary Account Creation/Update via CSRF

Description

The fixes for https://wpscan.com/vulnerability/126143e0-b0cc-4517-862e-3ac557db744f still allowed the issue to be performed via a CSRF attack.

The upload_csv AJAX action, available to authenticated users, did not have proper CRSF check, allowing attacker to make a logged in user with the manage_woocommerce capability, to call it and import arbitrary users and could lead to new administrator accounts being created.

Proof of Concept

Affects Plugins

Plugin icon
woocommerce-customers-manager
Fixed in 26.6

References

URL
https://blog.wpscan.com/2021/04/08/woocommerce-customers-manager-wordpress-security-vulnerabilities.html
URL
https://codecanyon.net/item/woocommerce-customers-manager/10965432

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
10e2cb9d-7285-4d85-923b-bc1ba97bd51a

Timeline

Publicly Published
2021-03-30 (about 4 years ago)
Added
2021-03-30 (about 4 years ago)
Last Updated
2021-04-09 (about 4 years ago)

Other

Published
Title
Published
2024-04-05
Title
MM-email2image <= 0.2.5 - Stored XSS via CSRF
Published
2023-10-22
Title
Smooth Scroll Links <= 1.1.0 - Arbitrary Settings Update via CSRF
Published
2024-11-01
Title
Twitter @Anywhere Plus <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-05-24
Title
WP Prayer II <= 2.4.7 - Settings Update via CSRF
Published
2024-11-22
Title
IceStats <= 1.3 - Cross-Site Request Forgery