WordPress Plugin Vulnerabilities

WP Coder < 2.5.3 - Code Deletion via CSRF

Description

The plugin does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack

Proof of Concept

https://example.com/wp-admin/admin.php?page=wp-coder&info=del&did=1

Affects Plugins

wp-coder

Fixed in version 2.5.3

References

CVE

CVE-2022-2388

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Submitter twitter

kazet1234

Verified

Yes

WPVDB ID

50acd35f-eb31-4aba-bf32-b390e9514beb

Timeline

Publicly Published

2022-07-26 (about 4 months ago)

Added

2022-07-26 (about 4 months ago)

Last Updated

2022-07-26 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin