WordPress Plugin Vulnerabilities

Legal Pages < 1.3.9 - Cross-Site Request Forgery via moveToTrash and fetch_and_insert_template_data

Description

The Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the moveToTrash and fetch_and_insert_template_data functions. This makes it possible for unauthenticated attackers to trash posts and insert template data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

Plugin icon
legal-pages
Fixed in 1.3.9

References

CVE
CVE-2023-47824
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/6fb9c8c3-e491-4bca-adeb-b87d9f8f3b32

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Brandon James Roldan (tomorrowisnew)
Verified
No
WPVDB ID
e9c6f16c-9ab8-4ea0-81fe-fbc0c8005aa3

Timeline

Publicly Published
2023-11-16 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2024-04-05
Title
Sign-up Sheets < 2.2.12 - Cross-Site Request Forgery
Published
2023-07-11
Title
WPAdmin AWS CDN < 3.0.0 - Cross-Site Request Forgery
Published
2025-03-24
Title
Simple Optimizer <= 1.2.7 - Cross-Site Request Forgery
Published
2025-01-16
Title
OrangeBox <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-06-22
Title
Metform Elementor Contact Form Builder < 3.3.3 - Cross-Site Request Forgery