Custom Banners < 3.3 – CSRF Nonce Bypass in saveCustomFields | CVE 2021-4407

Description

The plugin did not properly check the CSRF nonce in the saveCustomFields() method, which could allow attackers to make a logged in user with the edit_post capability to save custom fields in a post.

Numerous sanitisation fixes were also added to v3.3

Proof of Concept

Send a request without the my-custom-fields_wpnonce to bypass the nonce check

Affects Plugins

custom-banners

Fixed in 3.3

References

CVE

CVE-2021-4407

URL

https://plugins.trac.wordpress.org/changeset/2473385

URL

https://plugins.trac.wordpress.org/changeset/2475968

URL

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet.com)

Submitter

WPScanTeam

Verified

Yes

WPVDB ID

f3cd3d22-ea5d-46da-83dd-4717043251e2

Timeline

Publicly Published

2021-02-17 (about 5 years ago)

Added

2021-02-17 (about 5 years ago)

Last Updated

2023-07-12 (about 2 years ago)

Other

Published

Title

Published

2025-02-17

Title

SpeedSize Image & Video AI-Optimizer < 1.5.2 - Cross-Site Request Forgery to Clear Cache

Published

2022-08-10

Title

Gallery PhotoBlocks < 1.2.9 - Cross-Site Request Forgery

Published

2021-06-28

Title

Edwiser Bridge < 2.0.7 - Cross-Site Request Forgery

Published

2025-05-07

Title

Product Quantity Dropdown For Woocommerce < 1.3 - Cross-Site Request Forgery

Published

2025-07-16

Title

WP Post Hide < 1.1.0 - Cross-Site Request Forgery