WordPress Plugin Vulnerabilities

Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion

Description

The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the plugin were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved.

Proof of Concept

Affects Plugins

Plugin icon
official-facebook-pixel
Fixed in 3.0.4

References

CVE
CVE-2021-24218
URL
https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Chloe Chamberland
Submitter
Chloe Chamberland
Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified
Yes
WPVDB ID
169d21fc-d191-46ff-82e8-9ac887aed8a4

Timeline

Publicly Published
2021-03-25 (about 4 years ago)
Added
2021-03-25 (about 4 years ago)
Last Updated
2021-03-27 (about 4 years ago)

Other

Published
Title
Published
2024-04-11
Title
Sync Post With Other Site < 1.5.2 - Cross-Site Request Forgery
Published
2023-06-15
Title
Recipe Maker For Your Food Blog from Zip Recipes < 8.0.8 - Multiple CSRF
Published
2024-11-13
Title
Hacklog DownloadManager <= 2.1.4 - Cross-Site Request Forgery to Arbitrary File Upload
Published
2024-03-13
Title
DSGVO All in one for WP < 4.4 - Cross-Site Request Forgery
Published
2022-05-02
Title
StaffList < 3.1.6 - Arbitrary Staff Deletion via CSRF