• iThemes Security and NinTechNet have reported a CSRF vulnerability in DW Question & Answer version 1.5.7 and below. Link to the report and vulnerable code here.

    Vulnerable nonce: inc/Handle.php#L144

    if ( !isset( $_POST['_wpnonce'] ) && !wp_verify_nonce( esc_html( $_POST['_wpnonce'] ), '_dwqa_edit_answer' ) ) {
       dwqa_add_notice( __( 'Hello, Are you cheating huh?', 'dw-question-answer' ), 'error' );
    }

    If $_POST['_wpnonce'] is set, it won’t be checked.

    Since this plugin has not been updated in two years, what are the chances we might see an update to address this vulnerability?

  • The topic ‘CSRF Bypass Vulnerability’ is closed to new replies.
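The condition quoted in the post, modelled outside WordPress next to a corrected form, as an added example that is not part of the original post or the plugin's code. `verify_nonce_stub()` is a hypothetical stand-in for `wp_verify_nonce()`, the nonce value is constructed, the `esc_html()` call is omitted, and the `||` version is an assumed fix rather than a released patch.

```php
<?php
// Added example: models the nonce check quoted from inc/Handle.php.
// verify_nonce_stub() is a hypothetical stand-in for wp_verify_nonce();
// EXPECTED_NONCE is a constructed sample value.
const EXPECTED_NONCE = 'a1b2c3d4e5';

function verify_nonce_stub($nonce, string $action): bool
{
    return is_string($nonce) && hash_equals(EXPECTED_NONCE, $nonce);
}

// Condition as quoted: the request is rejected only when the field is
// missing AND verification fails. Once the field is present, !isset() is
// false and && short-circuits, so the verifier is never called.
function rejected_by_quoted_check(array $post): bool
{
    return !isset($post['_wpnonce'])
        && !verify_nonce_stub($post['_wpnonce'] ?? null, '_dwqa_edit_answer');
}

// Corrected condition (assumed fix): reject when the field is missing OR
// verification fails.
function rejected_by_corrected_check(array $post): bool
{
    return !isset($post['_wpnonce'])
        || !verify_nonce_stub($post['_wpnonce'], '_dwqa_edit_answer');
}

// Constructed request bodies covering the three cases.
$cases = [
    'field missing'    => [],
    'field set, wrong' => ['_wpnonce' => 'not-the-nonce'],
    'field set, valid' => ['_wpnonce' => EXPECTED_NONCE],
];

printf("%-18s %-10s %s\n", 'request', 'quoted', 'corrected');
foreach ($cases as $label => $post) {
    printf(
        "%-18s %-10s %s\n",
        $label,
        rejected_by_quoted_check($post) ? 'rejected' : 'accepted',
        rejected_by_corrected_check($post) ? 'rejected' : 'accepted'
    );
}
```

The row to look at is "field set, wrong": the quoted condition accepts it, while the corrected one rejects it.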