WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)



Description
No CSRF Protection on Add new Fields. 

Can also Edit and Delete fields the same way.
Proof of Concept
1.Download csrf_wp-members.html
2.Change URL in html file.(FORM ACTION).
3.Submit Request.

Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMA_XXikw/view?usp=sharing
HTML_FILE : https://drive.google.com/file/d/131SkyhmXfOZeZV8ph6Y8QOaSVG3WxvdZ/view?usp=sharing
 

Affects Plugin

fixed in version 3.2.8.1

References

CVE 2019-15660
URL https://plugins.trac.wordpress.org/changeset?reponame=&new=2107103%40wp-members&old=2100770%40wp-members

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher m0ns7er
Submitter Akash Labade
Submitter Website https://www.asfaleia.tech
Submitter Twitter akash_labade
Views 3346
Verified Yes
WPVDB ID 9339

Timeline

Publicly Published 2019-06-13 (5 months ago)
Added 2019-06-14 (5 months ago)
Last Updated 2019-08-27 (3 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin