WordPress Plugin Vulnerabilities

CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack

Proof of Concept

Make an admin open the URL below

https://example.com/cmdownload/unpublish/id/<download_id>

Affects Plugins

Plugin icon
cm-download-manager
Fixed in 2.9.0

References

CVE
CVE-2024-1231
YouTube Video

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher
Sushmita Poudel
Submitter
Sushmita Poudel
Submitter website
https://susmitapoudel.com.np
Submitter twitter
poudelsushmita1
Verified
Yes
WPVDB ID
7d3968d9-61ed-4c00-8764-0360cf03255e

Timeline

Publicly Published
2024-03-04 (about 2 months ago)
Added
2024-03-04 (about 2 months ago)
Last Updated
2024-03-04 (about 2 months ago)

Other

Published
Title
Published
2023-11-28
Title
Ecwid Ecommerce Shopping Cart < 6.12.5 - Cross-Site Request Forgery
Published
2024-03-25
Title
Paid Memberships Pro < 3.0 - Cross-Site Request Forgery
Published
2015-04-02
Title
WordPress Video Gallery <= 2.8 - Multiple Cross-Site Request Forgery (CSRF)
Published
2022-10-24
Title
Corona Virus (COVID-19) Banner & Live Data < 1.8.0 - CSRF
Published
2023-02-28
Title
HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF