WordPress Plugin Vulnerabilities

Jetpack CRM < 5.4.0 - PHAR Deserialisation via CSRF

Description

The plugin does not have CSRF proper check in step 2 and 3 of the zeroBSCRM_CSVImporterLitehtml_app function, which then call file_exists() on user input, which could allow unauthenticated users to perform PHAR Deserialisation attacks if they can upload a malicious file using a gadget chain, and then make a logged in admin open a page or link.

Affects Plugins

Plugin icon
zero-bs-crm
Fixed in 5.4.0

References

CVE
CVE-2022-3342

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Ramuel Gall
Verified
No
WPVDB ID
a6510cde-fc7a-44c0-a1b4-6600320f91ff

Timeline

Publicly Published
2023-04-18 (about 2 years ago)
Added
2023-06-21 (about 2 years ago)
Last Updated
2023-06-22 (about 2 years ago)

Other

Published
Title
Published
2024-04-12
Title
Ads.txt Admin <= 1.3 - Cross-Site Request Forgery
Published
2014-08-01
Title
WP-TopBar 4.02 - TopBar Message Manipulation CSRF
Published
2025-01-24
Title
Call Now Button < 1.4.14 - Cross-Site Request Forgery
Published
2025-04-22
Title
affiliate-toolkit < 3.7.4 - Cross-Site Request Forgery
Published
2025-04-09
Title
AF Tell a Friend <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting