WordPress Plugin Vulnerabilities

Redux Framework < 4.1.21 - CSRF Nonce Validation Bypass

Description

The plugin did not properly validate some nonces, only checking them if their value was set. As a result, CSRF attacks could still be performed by not submitting the nonce in the request, bypassing the protection they are supposed to provide.

Proof of Concept

Affects Plugins

Plugin icon
redux-framework
Fixed in 4.1.21

References

URL
https://security.devsoftin.com/blog/2020/11/23/exploiting-vulnerability-in-logical-operators-isset-anything/
URL
https://plugins.trac.wordpress.org/changeset/2395813/redux-framework/trunk/redux-core/inc/classes/class-redux-admin-notices.php
URL
https://plugins.trac.wordpress.org/changeset/2395813/redux-framework/trunk/redux-core/inc/classes/class-redux-ajax-save.php
URL
https://github.com/reduxframework/redux-framework-4/pull/160/files

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lenon Leite - DevSoftIn
Submitter
Lenon Leite
Submitter website
https://security.devsoftin.com/blog/2020/11/23/exploiting-vulnerability-in-logical-operators-isset-anything/
Submitter twitter
lenonleite
Verified
Yes
WPVDB ID
5d52b68f-faca-4572-bb84-ecb733eecbe7

Timeline

Publicly Published
2020-12-15 (about 5 years ago)
Added
2020-12-15 (about 5 years ago)
Last Updated
2020-12-16 (about 5 years ago)

Other

Published
Title
Published
2025-04-16
Title
Bulk Term Editor <= 1.1.4 - Cross-Site Request Forgery
Published
2025-01-16
Title
Genki Announcement <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-08-22
Title
WP Fast Total Search < 1.79.274 - Cross-Site Request Forgery
Published
2024-08-01
Title
WordPress Menu Plugin — Superfly Responsive Menu < 5.0.30 - Cross-Site Request Forgery to Arbitrary File Deletion
Published
2022-10-30
Title
TeraWallet – For WooCommerce < 1.4.0 - Settings Update via CSRF