WP-PostRatings Plugin up to 1.86.0 on WordPress postratings-options.php postratings_image cross-site request forgery

Summaryinfo

A vulnerability has been found in WP-PostRatings Plugin up to 1.86.0 on WordPress and classified as problematic. This impacts an unknown function of the file wp-admin/admin.php?page=wp-postratings/postratings-options.php. This manipulation of the argument postratings_image causes cross-site request forgery. This vulnerability is tracked as CVE-2021-25117. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

Detailsinfo

A vulnerability has been found in WP-PostRatings Plugin up to 1.86.0 on WordPress (WordPress Plugin) and classified as problematic. Affected by this vulnerability is an unknown part of the file wp-admin/admin.php?page=wp-postratings/postratings-options.php. The manipulation of the argument postratings_image with an unknown input leads to a cross-site request forgery vulnerability. The CWE definition for the vulnerability is CWE-352. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. As an impact it is known to affect integrity. The summary by CVE is:

The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfiltered_html capability is disabled.

The weakness was disclosed 01/16/2024 by Park Won Seok. The advisory is shared at wpscan.com. This vulnerability is known as CVE-2021-25117 since 01/14/2021. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available.

By approaching the search of inurl:wp-admin/admin.php?page=wp-postratings/postratings-options.php it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 1.86.1 eliminates this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• WordPress Plugin

Name

• WP-PostRatings Plugin

Version

• 1.0
• 1.1
• 1.2
• 1.3
• 1.4
• 1.5
• 1.6
• 1.7
• 1.8
• 1.9
• 1.10
• 1.11
• 1.12
• 1.13
• 1.14
• 1.15
• 1.16
• 1.17
• 1.18
• 1.19
• 1.20
• 1.21
• 1.22
• 1.23
• 1.24
• 1.25
• 1.26
• 1.27
• 1.28
• 1.29
• 1.30
• 1.31
• 1.32
• 1.33
• 1.34
• 1.35
• 1.36
• 1.37
• 1.38
• 1.39
• 1.40
• 1.41
• 1.42
• 1.43
• 1.44
• 1.45
• 1.46
• 1.47
• 1.48
• 1.49
• 1.50
• 1.51
• 1.52
• 1.53
• 1.54
• 1.55
• 1.56
• 1.57
• 1.58
• 1.59
• 1.60
• 1.61
• 1.62
• 1.63
• 1.64
• 1.65
• 1.66
• 1.67
• 1.68
• 1.69
• 1.70
• 1.71
• 1.72
• 1.73
• 1.74
• 1.75
• 1.76
• 1.77
• 1.78
• 1.79
• 1.80
• 1.81
• 1.82
• 1.83
• 1.84
• 1.85
• 1.86.0

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion