WordPress Plugin Vulnerabilities

Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF

Description

The plugin does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack

Proof of Concept

https://example.com/wp-admin/edit.php?post_type=download&page=edd-payment-history&payment%5B0%5D=1&payment%5B1%5D=2&action=delete

Affects Plugins

easy-digital-downloads

Fixed in version 3.1.0.2

References

CVE

CVE-2022-2387

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Submitter twitter

kazet1234

Verified

Yes

WPVDB ID

db3c3c78-1724-4791-9ab6-ebb2e8a4c8b8

Timeline

Publicly Published

2022-10-17 (about 3 months ago)

Added

2022-10-17 (about 3 months ago)

Last Updated

2022-10-17 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin