WordPress Plugin Vulnerabilities

Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF

Description

The plugin does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash

Proof of Concept

https://example.com/wp-admin/edit.php?post_type=easy-pricing-table&page=ept3-list&action=trash&post=1

Affects Plugins

Plugin icon
easy-pricing-tables
Fixed in 3.1.3

References

CVE
CVE-2021-25098

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
960a634d-a88a-4d90-9ac3-7d24b1fe07fe

Timeline

Publicly Published
2022-02-01 (about 2 years ago)
Added
2022-02-01 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)

Other

Published
Title
Published
2023-11-17
Title
Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modifcation and Stored Cross-Site Scripting
Published
2023-11-09
Title
TPG Redirect < 1.0.8 - CSRF
Published
2022-01-24
Title
WP Dependency Installer < 4.3.1 - Arbitrary Plugin Installation from Dependency via CSRF
Published
2023-12-04
Title
SureTriggers < 1.0.24 - Cross-Site Request Forgery
Published
2019-11-26
Title
WP Spell Check < 7.1.10 - Cross-Site Request Forgery (CSRF)