WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Custom Banners < 3.3 - CSRF Nonce Bypass in saveCustomFields

Description

The plugin did not properly check the CSRF nonce in the saveCustomFields() method, which could allow attackers to make a logged in user with the edit_post capability to save custom fields in a post.

Numerous sanitisation fixes were also added to v3.3

Proof of Concept

Send a request without the my-custom-fields_wpnonce to bypass the nonce check

Affects Plugins

custom-banners
Fixed in version 3.3

References

URL
https://plugins.trac.wordpress.org/changeset/2473385
URL
https://plugins.trac.wordpress.org/changeset/2475968
URL
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet.com)

Submitter

WPScanTeam

Verified

Yes

WPVDB ID
f3cd3d22-ea5d-46da-83dd-4717043251e2

Timeline

Publicly Published

2021-02-17 (about 2 years ago)

Added

2021-02-17 (about 2 years ago)

Last Updated

2021-03-07 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin