WordPress Plugin Vulnerabilities

Browser and Operating System Finder <= 1.2 - Unauthenticated Arbitrary Settings Update to Stored XSS

Description

The plugin does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them, which could also lead to Stored XSS due to the lack of sanitisation and escaping.

The original advisory mention a CSRF issue, which is incorrect, as unauthenticated users can exploit this themselves w/o a CSRF attack. Furthermore, v1.2 added a CSRF check, but is still missing capability check

Proof of Concept

Affects Plugins

Plugin icon
browser-and-operating-system-finder
No known fix

References

CVE
CVE-2021-20851
URL
https://jvn.jp/en/jp/JVN93562098/

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.3 (high)

Miscellaneous

Original Researcher
Imai Shinpei of Cryptography Laboratory
Verified
Yes
WPVDB ID
5509962a-90bb-4072-9ce6-eabb70436346

Timeline

Publicly Published
2021-11-25 (about 4 years ago)
Added
2022-06-02 (about 3 years ago)
Last Updated
2023-03-04 (about 3 years ago)

Other

Published
Title
Published
2025-12-11
Title
Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion
Published
2024-09-04
Title
HelloAsso < 1.1.11 - Missing Authorization to Authenticated (Contributor+) Limited Options Update
Published
2025-04-15
Title
JetMenu < 2.4.9.1 - Missing Authorization
Published
2023-10-12
Title
Nexter < 2.0.4 - Missing Authorization
Published
2025-12-12
Title
Popup Builder < 1.1.39 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Reset