WordPress Plugin Vulnerabilities
Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF
Description
The plugin does not verify a CSRF nonce when trashing posts from its pricing-table list screen. An attacker who can get a logged-in administrator to load a crafted URL can therefore make that admin's browser move arbitrary posts on the blog to the trash. The target is chosen by the post parameter, so the attack is not limited to pricing tables. Posts are trashed rather than permanently deleted, so they can be restored from the trash afterwards.
Proof of Concept
https://example.com/wp-admin/edit.php?post_type=easy-pricing-table&page=ept3-list&action=trash&post=1
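The advisory gives only the URL, so the following is an added example, not the plugin's own code, showing the vulnerable pattern it describes beside a hardened handler. An attacker delivers the PoC URL by embedding it in a page the admin visits (for example as the src of an img tag); because the request is a plain GET carrying the admin's cookies, WordPress accepts it unless the handler demands a nonce. The function names, the admin_init hook and the nonce action string ept_trash_<id> are assumptions chosen for illustration; the WordPress APIs used (wp_trash_post, wp_nonce_url, check_admin_referer, current_user_can, get_post_type) are real.

```php
<?php
// Added example (not the Easy Pricing Tables code): vulnerable pattern vs hardened pattern.
// Function names, hook and nonce action are illustrative assumptions.

// Vulnerable pattern: the handler acts on the action/post query parameters alone.
// Any GET to edit.php?post_type=easy-pricing-table&page=ept3-list&action=trash&post=N
// made by a logged-in admin's browser trashes post N, wherever the request originated.
function ept_example_vulnerable_trash_handler() {
    if ( isset( $_GET['action'] ) && 'trash' === $_GET['action'] && isset( $_GET['post'] ) ) {
        wp_trash_post( absint( $_GET['post'] ) ); // no nonce, no capability, no post-type check
    }
}

// Hardened pattern, part 1: the trash link in the list table carries a nonce that is
// bound to the specific post ID, so a nonce leaked for one post cannot trash another.
function ept_example_trash_link( $post_id ) {
    $url = add_query_arg(
        array(
            'post_type' => 'easy-pricing-table',
            'page'      => 'ept3-list',
            'action'    => 'trash',
            'post'      => (int) $post_id,
        ),
        admin_url( 'edit.php' )
    );
    // Appends _wpnonce=<token> generated for the current user and action 'ept_trash_<id>'.
    return wp_nonce_url( $url, 'ept_trash_' . (int) $post_id );
}

// Hardened pattern, part 2: the handler verifies the nonce, the capability and the
// post type before trashing anything.
function ept_example_hardened_trash_handler() {
    if ( ! isset( $_GET['action'] ) || 'trash' !== $_GET['action'] || ! isset( $_GET['post'] ) ) {
        return;
    }
    $post_id = absint( $_GET['post'] );

    // 1. CSRF check: stops with "The link you followed has expired." when _wpnonce is
    //    missing or does not match action 'ept_trash_<id>' for the current user.
    check_admin_referer( 'ept_trash_' . $post_id );

    // 2. Authorization check: the current user must be allowed to delete this post.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_die( esc_html__( 'You are not allowed to trash this item.' ), 403 );
    }

    // 3. Scope check: this screen may only trash the plugin's own post type, so the
    //    handler cannot be pointed at arbitrary posts on the blog.
    if ( 'easy-pricing-table' !== get_post_type( $post_id ) ) {
        wp_die( esc_html__( 'Invalid post type.' ), 400 );
    }

    wp_trash_post( $post_id );
}

// Hook is an assumption; the plugin registers its list screen and handlers its own way.
add_action( 'admin_init', 'ept_example_hardened_trash_handler' );
```

The nonce alone closes the CSRF issue, but a nonce is only a proof that the request came from a page WordPress rendered for this user, not an authorization decision; the capability and post-type checks are what keep a lower-privileged user with access to the screen from trashing other people's posts, so a fix that adds check_admin_referer and nothing else is still incomplete.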
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-02-01
Added
2022-02-01
Last Updated
2022-04-13