WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WordPress Real Cookie Banner < 2.14.2 - Settings Reset via CSRF

Description

The plugin does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack

Proof of Concept

https://example.com/wp-admin/admin.php?page=real-cookie-banner-component&rcb-reset-all=1

Affects Plugins

real-cookie-banner
Fixed in version 2.14.2

References

CVE
CVE-2022-0445

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
d9f28255-0026-4c42-9e67-d17b618c2285

Timeline

Publicly Published

2022-02-07 (about 3 months ago)

Added

2022-02-07 (about 3 months ago)

Last Updated

2022-04-13 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin