Post Carousel < 2.3.5 – CSRF Bypass / Unauthorised AJAX Calls | Plugin Vulnerabilities

Description

The plugin did not properly check for CSRF in two of its AJAX actions, allowing them to be bypassed. Furthermore, other actions which should only be accessible to admins were missing capability check (but had CSRF checks), and the spf-reset action did not validate that the actions to be delete belong to the plugin. Various versions were released, attempted to fix the issues, v2.3.5 fixing everything

Affects Plugins

Fixed in 2.3.5

References

URL

https://plugins.trac.wordpress.org/changeset/2575092/post-carousel#file328

URL

https://plugins.trac.wordpress.org/changeset/2581230/post-carousel#file285

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

f728e667-5309-4fd9-9210-e6a89bf15351

Timeline

Publicly Published

2021-08-16 (about 2 years ago)

Added

2021-08-16 (about 2 years ago)

Last Updated

2021-08-16 (about 2 years ago)

Other

Published

Title

Published

2023-09-26

Title

WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF

Published

2014-12-18

Title

Twimp WP <= 0.1 - Multiple CSRF

Published

2024-04-05

Title

Ultimate Maps by Supsystic < 1.2.17 - Cross-Site Request Forgery

Published

2016-04-05

Title

Lightbox Plus < 2.8 - CSRF to XSS

Published

2022-05-06

Title

PNG to JPG < 4.1 - Stored Cross-Site Scripting via CSRF