WordPress Plugin Vulnerabilities

Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF

Description

The plugin does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash

Proof of Concept

https://example.com/wp-admin/edit.php?post_type=easy-pricing-table&page=ept3-list&action=trash&post=1

Affects Plugins

easy-pricing-tables

Fixed in version 3.1.3

References

CVE

CVE-2021-25098

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

960a634d-a88a-4d90-9ac3-7d24b1fe07fe

Timeline

Publicly Published

2022-02-01 (about 7 months ago)

Added

2022-02-01 (about 7 months ago)

Last Updated

2022-04-13 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin