WordPress Plugin Vulnerabilities

Contextual Related Posts < 2.9.4 - CSRF Nonce Validation Bypass

Description

The plugin does not properly check for the CSRF nonce in the export and import features, which could allow attackers to make authenticated logged in administrators perform those actions via a CSRF attack.

Proof of Concept

Affects Plugins

Plugin icon
contextual-related-posts
Fixed in 2.9.4

References

URL
https://plugins.trac.wordpress.org/changeset/2387037/contextual-related-posts/trunk/includes/admin/modules/tools.php
URL
https://lenonleite.com.br/en/2020/09/19/explorando-vulnerabilidade-em-operadores-logicos-isset-algumacoisa/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Lenon Leite
Submitter
Lenon Leite
Submitter website
https://lenonleite.com.br/
Submitter twitter
lenonleite
Verified
Yes
WPVDB ID
737e8d03-aa44-4903-a82d-6da94962aa0a

Timeline

Publicly Published
2020-11-19 (about 5 years ago)
Added
2020-11-19 (about 5 years ago)
Last Updated
2020-11-20 (about 5 years ago)

Other

Published
Title
Published
2023-04-07
Title
PixTypes < 1.4.15 - Cross-Site Request Forgery
Published
2022-05-30
Title
PDF24 Articles To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF
Published
2023-06-19
Title
Form Builder <= 1.9.9.0 - CSRF
Published
2024-04-11
Title
GEO my WordPress < 4.2 - Cross-Site Request Forgery
Published
2025-01-06
Title
WP Customer Area < 8.2.5 - Event Log Deletion via CSRF