WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Multiple Plugins/Themes - Cross-Site Request Forgery (CSRF)

Description

NinTechNet discovered multiple WordPress plugins and themes vulnerable to Cross-Site Request Forgery (CSRF).

The items only check the CSRF nonce if it has been provided, making them vulnerable to CSRF attacks if the nonce is removed. This is due to the confusing use of logic operators when verifying the nonces.

Affects Plugins

cartflows
Fixed in version 1.5.16
paid-memberships-pro
Fixed in version 2.4.3
cool-timeline
Fixed in version 2.0.3
custom-field-template
Fixed in version 2.5.2
ecommerce-product-catalog
Fixed in version 2.9.44
notificationx
Fixed in version 1.8.3
post-type-x
Fixed in version 1.5.13
coupon-creator
Fixed in version 3.1.1
radio-buttons-for-taxonomies
Fixed in version 2.0.6
menu-swapper
Fixed in version 1.1.1

Affects Themes

customizr
Fixed in version 4.3.3
hueman
Fixed in version 3.6.4

References

URL
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
URL
https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet)

Verified

No

WPVDB ID
aa47a464-af97-43bc-b6cb-75a08ce3ece7

Timeline

Publicly Published

2020-09-16 (about 2 years ago)

Added

2020-09-16 (about 2 years ago)

Last Updated

2020-10-02 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin