Attention all users of the popular WordPress plugin, BestWebSoft Facebook Like Button! A significant vulnerability has been found in versions up to 2.13, and it has been classified as problematic. If left unpatched, this vulnerability may lead to cross-site request forgery (CSRF), allowing attackers to exploit your website. Read on for details about this vulnerability, along with steps to patch and secure your site.

The affected component is the function fcbk_bttn_plgn_settings_page, which can be found in the file facebook-button-plugin.php. The flaw in this function allows malicious actors to perform CSRF attacks. It is important to note that this attack can be initiated remotely; the attacker does not need physical access to your site or server.

To better understand the issue, let's take a look at a code snippet from the affected file:

function fcbk_bttn_plgn_settings_page() {
  ...
  // The settings form is only processed when the submit flag is present AND
  // check_admin_referer() confirms that the request carries a valid nonce
  // issued for this admin screen. Without that second condition, any
  // cross-site form post from a logged-in administrator would be accepted.
  if( isset( $_REQUEST['fcbk_bttn_plgn_form_submit'] ) && check_admin_referer( 'fcbk_bttn_plgn_nonce_name', 'fcbk_bttn_plgn_nonce_field' ) ) {
    ...
  }
  ...
}

The vulnerability stems from the improper handling of the nonce field that is meant to guard this form submission; without a correctly enforced nonce check, a CSRF attack can be executed against the settings page.
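To show what the nonce check buys you, here is an added illustration (not the plugin's own code) of a minimal WordPress settings page written both without and with the protection. The option name myplugin_text, the menu slug myplugin and the submit flag myplugin_form_submit are hypothetical; the nonce action and field names are the ones from the snippet above.

```php
<?php
// Added example, not code from the BestWebSoft plugin. Option name, slug and
// submit flag are hypothetical; nonce names match the page's snippet.

// VULNERABLE pattern: any POST carrying the submit flag is trusted, so a form
// auto-submitted from an attacker's page by a logged-in admin's browser lands
// here with no proof that the request originated from this admin screen.
function myplugin_settings_page_vulnerable() {
    if ( isset( $_REQUEST['myplugin_form_submit'] ) ) {
        update_option( 'myplugin_text', sanitize_text_field( wp_unslash( $_REQUEST['myplugin_text'] ) ) );
    }
}

// HARDENED pattern: capability check plus nonce verification. The nonce is
// tied to the user and session, so a third-party site cannot forge it.
function myplugin_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // check_admin_referer() stops execution with a "link has expired" page
    // when the nonce field is missing, stale or issued for another user.
    if ( isset( $_REQUEST['myplugin_form_submit'] )
        && check_admin_referer( 'fcbk_bttn_plgn_nonce_name', 'fcbk_bttn_plgn_nonce_field' ) ) {
        update_option( 'myplugin_text', sanitize_text_field( wp_unslash( $_REQUEST['myplugin_text'] ) ) );
    }
    $text = get_option( 'myplugin_text', '' );
    ?>
    <form method="post" action="">
        <?php
        // Emits the hidden nonce input with the action/field names that
        // check_admin_referer() above expects, plus a referer field.
        wp_nonce_field( 'fcbk_bttn_plgn_nonce_name', 'fcbk_bttn_plgn_nonce_field' );
        ?>
        <input type="text" name="myplugin_text" value="<?php echo esc_attr( $text ); ?>">
        <input type="submit" name="myplugin_form_submit" value="Save">
    </form>
    <?php
}

// Register the hardened page under Settings in wp-admin.
add_action( 'admin_menu', function () {
    add_options_page( 'My Plugin', 'My Plugin', 'manage_options', 'myplugin', 'myplugin_settings_page' );
} );
```

When reviewing a plugin, grep every handler that writes options or performs an action for a matching check_admin_referer() or wp_verify_nonce() call; a write path without one is the pattern this advisory describes.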

For all users of the BestWebSoft Facebook Like Button plugin up to version 2.13, it is highly recommended that you apply the patch that fixes this issue. The patch associated with this vulnerability is identified as 33144ae5a45ed07efe7fceca901d91365fdbf7cb.

You can find more details and the original references to this vulnerability by visiting the following links:
1. Vulnerability Database Entry
2. Patch 33144ae5a45ed07efe7fceca901d91365fdbf7cb

The associated identifier for this vulnerability is VDB-225355. Be sure to check the vulnerability database for any updates or further information related to this issue.

In conclusion, the CVE-2012-10012 vulnerability is a critical issue affecting the BestWebSoft Facebook Like Button plugin, versions up to 2.13. It exposes your website to potential CSRF attacks that can be performed remotely. To protect your site and its users, apply the patch 33144ae5a45ed07efe7fceca901d91365fdbf7cb immediately, and always keep your plugins up to date to ensure maximum security.

Timeline

Published on: 04/10/2023 00:15:00 UTC
Last modified on: 04/13/2023 19:49:00 UTC