WordPress Plugin Vulnerabilities

Download Manager < 3.1.22 - Plugin Settings Change via CSRF

Description

The wpdm_settings AJAX action, used the section POST parameter to call the associated settings handler methods dynamically. However, the pluginUpdate() (section=plugin-update) and Privacy() (section=privacy) were missing CSRF checks. Furthermore, the Privacy() function did not ensure that the options to be updated were actually related to privacy, allowing any option key containing _wpdm_ to be updated.

Proof of Concept

Affects Plugins

Plugin icon
download-manager
Fixed in 3.1.22

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.3 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
2a9331b1-1d43-4729-bb0a-9198ffe3d703

Timeline

Publicly Published
2021-04-30 (about 4 years ago)
Added
2021-04-30 (about 4 years ago)
Last Updated
2021-04-30 (about 4 years ago)

Other

Published
Title
Published
2025-03-24
Title
banner-manager <= 16.04.19 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-09
Title
IP2Location World Clock < 1.1.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-11-22
Title
RealtyCandy IDX Broker Extended <= 1.5.1 - Cross-Site Request Forgery
Published
2021-07-05
Title
Flash Games <= 2.2 - CSRF Bypass
Published
2024-06-21
Title
WP Job Manager - Resume Manager < 2.2.0 - Cross-Site Request Forgery