NewsPlugin < 1.1.0 – CSRF to Stored Cross-Site Scripting | CVE 2021-34631

Description

The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Forgery via the handle_save_style function found in the ~/news-plugin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.18.

Note: v1.1.0 Added CSRF to the affected function, but seems to be missing proper authorisation

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugins

newsplugin

Fixed in 1.1.0

References

CVE

CVE-2021-34631

URL

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34631

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

8.8 (high)

Miscellaneous

Original Researcher

Taichi Ichimura

Submitter

Wordfence

Submitter website

https://wordfence.com

Verified

WPVDB ID

c358b00f-489f-4537-9750-07a9487ac8d9

Timeline

Publicly Published

2021-07-21 (about 4 years ago)

Added

2021-07-21 (about 4 years ago)

Last Updated

2023-01-24 (about 3 years ago)

Other

Published

Title

Published

2023-08-16

Title

WooCommerce PDF Invoice Builder < 1.2.91 - Invoice Fields Creation via CSRF

Published

2023-06-02

Title

Online Booking & Scheduling Calendar for WordPress by vcita < 4.5.2 - Denial of Service via CSRF

Published

2023-02-20

Title

CSS JS Manager < 2.4.49.1 - Multiple CSRF

Published

2023-09-18

Title

Website Builder by SeedProd < 6.15.15.3 - Arbitrary Settings Update via CSRF

Published

2023-10-03

Title

WP Power Stats <= 2.2.3 - CSRF