WordPress Plugin Vulnerabilities

Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF

Description

The plugin does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL

Edit: there are two issues: CSRF and lack of authirsartion on the export feature (even unauthorised user can export arbitrary post/page)

Proof of Concept

Affects Plugins

Plugin icon
single-post-exporter
No known fix

References

CVE
CVE-2021-24780

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Submitter
Francesco Carlucci
Submitter website
https://carluc.ci
Submitter twitter
francecarlucci
Verified
Yes
WPVDB ID
8764e550-4127-471e-84e6-494d6106a3b0

Timeline

Publicly Published
2021-11-15 (about 4 years ago)
Added
2021-11-15 (about 4 years ago)
Last Updated
2022-04-11 (about 3 years ago)

Other

Published
Title
Published
2023-09-28
Title
Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update
Published
2025-04-09
Title
WP Calais Auto Tagger <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-09
Title
ePaper Lister for Yumpu <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2014-12-18
Title
Gslideshow <= 0.1 - Multiple CSRF
Published
2023-09-20
Title
Inactive Logout < 3.2.3 - Cross-Site Request Forgery