In the process of scrutinizing the Fatal Error Notify plugin for WordPress, a Cross-Site Request Forgery (CSRF) vulnerability was unearthed. This flaw permits an unauthorized user to manipulate requests on behalf of the victim, enabling the attacker to send erroneous error messages via email. The exploit can involve sending a large volume of HTML-coded messages to the victim’s email, potentially causing disruption and spamming issues. Furthermore, the repeated suspicious activity might lead to the blocking of the WordPress site’s email.
Main info:

| Field | Value |
|---|---|
| CVE | CVE-2023-7202 |
| Plugin | Fatal Error Notify < 1.5.3 |
| Critical | Medium |
| All Time | 67 768 |
| Active installations | 8 000+ |
| Publicly Published | January 29, 2023 |
| Last Updated | January 29, 2023 |
| Researcher | Dmitrii Ignatyev |
| OWASP TOP-10 | A5: Broken Access Control |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7202 https://wpscan.com/vulnerability/d923ba5b-1c20-40ee-ac69-cd0bb65b375a/ |
| Plugin Security Certification by CleanTalk | |
Timeline

| Date | Event |
|---|---|
| November 22, 2023 | Plugin testing and vulnerability detection in Fatal Error Notify have been completed |
| November 22, 2023 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| January 8, 2023 | The author fixed the vulnerability and released the plugin update |
| January 20, 2023 | Registered CVE-2023-7202 |
Discovery of the Vulnerability
During testing of the plugin, a CSRF vulnerability was found that allows an unauthorized user to manipulate requests on behalf of the victim and thereby send emails about WordPress site errors to the victim's address. The attacker can build an HTML page that triggers 100 such messages to the victim's email, spamming the victim, and the resulting suspicious activity can cause the WordPress site's email to be blocked.
Understanding CSRF Attacks
Cross-Site Request Forgery is an attack where an attacker tricks a victim into performing undesired actions on a web application in which they are authenticated. In the context of WordPress, CSRF vulnerabilities typically involve manipulating requests that trigger actions within the application, often without the victim’s knowledge.
In this case, the CSRF vulnerability in Fatal Error Notify allows an attacker to forge requests that send error messages via email. A real-world example could be the creation of a malicious webpage or email containing crafted requests that, when executed by an authenticated user, result in unauthorized emails being sent without their consent.
Exploiting the Missing Authorization Vulnerability
Exploiting the CSRF vulnerability in Fatal Error Notify involves crafting malicious requests that leverage the victim’s authenticated session. The attacker could create a webpage or email containing hidden forms or JavaScript code that, when executed by an authenticated user, initiates requests to send erroneous error messages via email. This can lead to spamming the victim’s email and potential issues such as email blocking due to suspicious activity.
POC:
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://your_site/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="test_error" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>
The potential risks associated with this vulnerability are significant. An attacker exploiting this flaw could send a large volume of misleading error messages to the victim’s email, causing disruption and potentially overwhelming the email server. Moreover, the repeated sending of suspicious error messages might trigger automated security measures, leading to the blocking of the WordPress site’s email functionality.
In a real-world scenario, an attacker might craft a phishing email or lure victims to a malicious website, triggering CSRF requests that send erroneous error messages without their knowledge.
Recommendations for Improved Security
To enhance the security of the Fatal Error Notify plugin and mitigate the CSRF vulnerability:
- CSRF Tokens: Implement CSRF tokens in forms and requests to ensure that actions initiated by users are legitimate.
- Email Rate Limiting: Implement rate limiting for email notifications to prevent abuse and spamming.
- User Confirmation: Incorporate mechanisms for user confirmation before executing critical actions, especially those involving email notifications.
- Security Headers: Utilize security headers such as Content Security Policy (CSP) to mitigate the risk of malicious code execution.
- Regular Security Audits: Conduct routine security audits to identify and address vulnerabilities, including those related to CSRF.
By adopting these recommendations, the Fatal Error Notify plugin can bolster its security defenses, prevent unauthorized email notifications, and safeguard WordPress installations from CSRF-related exploits.
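How the recommended CSRF token, authorization and rate-limit checks look in a WordPress admin-ajax handler for the `test_error` action seen in the PoC, as an added example that is not the plugin's own code; the hook names, option names, transient key and the `fen_example_` function are assumptions:

```php
<?php
// Added example, not Fatal Error Notify's code. The first handler trusts any
// POST that carries the action name, which is exactly what a cross-site form
// can supply; the second adds the checks from the recommendations above.
// Hook names, nonce action, transient key and function name are assumed.

// Vulnerable pattern: no nonce, no capability check, no rate limit.
add_action( 'wp_ajax_test_error_vulnerable', function () {
    wp_mail( get_option( 'admin_email' ), 'Fatal Error Notify test',
             'This is a test error notification.' );
    wp_die();
} );

// Hardened pattern for the same action.
add_action( 'wp_ajax_test_error', 'fen_example_send_test_error' );

function fen_example_send_test_error() {
    // 1. CSRF token: the request must carry a nonce issued to this logged-in
    //    user for this action; check_ajax_referer() dies on a missing/invalid one.
    check_ajax_referer( 'fen_test_error_nonce', 'nonce' );

    // 2. Authorization: only users who manage the site may trigger test emails.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Rate limit: at most one test notification per user every five minutes,
    //    so a flood of forged submissions cannot become a flood of emails.
    $key = 'fen_test_error_' . get_current_user_id();
    if ( get_transient( $key ) ) {
        wp_send_json_error( 'rate_limited', 429 );
    }
    set_transient( $key, 1, 5 * MINUTE_IN_SECONDS );

    wp_mail( get_option( 'admin_email' ), 'Fatal Error Notify test',
             'This is a test error notification.' );
    wp_send_json_success();
}

// The plugin's own settings page must embed the matching nonce for the
// legitimate button, e.g. wp_nonce_field( 'fen_test_error_nonce', 'nonce' );
// a third-party page cannot read that value, so its forged POST fails step 1.
```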
DMITRII I.