• iThemes Security and NinTechNet have reported a CSRF vulnerability in DW Question & Answer version 1.5.7 and below. Link to the report and vulnerable code here.

    Vulnerable nonce: inc/Handle.php#L144

    if ( !isset( $_POST['_wpnonce'] ) && !wp_verify_nonce( esc_html( $_POST['_wpnonce'] ), '_dwqa_edit_answer' ) ) {
       dwqa_add_notice( __( 'Hello, Are you cheating huh?', 'dw-question-answer' ), 'error' );
    }

    If $_POST['_wpnonce'] is set, it won’t be checked.

    Since this plugin has not been updated in two years, what are the chances we might see an update to address this vulnerability?
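The logic of the quoted condition, modelled stand-alone as an added example (not part of the original post and not the plugin's code). `demo_verify_nonce()` is a hypothetical stand-in for `wp_verify_nonce()`, and the nonce value and the three requests are constructed; the `||` form is one way to write a check that rejects both a missing and an invalid nonce.

```php
<?php
// Added example: stand-alone model of the nonce check quoted above.
// demo_verify_nonce() is a hypothetical stand-in for WordPress's
// wp_verify_nonce(); the nonce value and the requests are constructed.

const DEMO_VALID_NONCE = 'a1b2c3d4e5'; // constructed sample value

function demo_verify_nonce( $nonce, $action ) {
    // Stand-in only: the real function validates a time-limited, per-user token.
    return is_string( $nonce ) && hash_equals( DEMO_VALID_NONCE, $nonce );
}

// Condition as posted: rejects only when the field is missing AND invalid.
// When the field is present, isset() is true, the left operand is false,
// and && short-circuits, so the nonce is never verified.
function rejects_as_posted( array $post ) {
    return ! isset( $post['_wpnonce'] )
        && ! demo_verify_nonce( $post['_wpnonce'] ?? null, '_dwqa_edit_answer' );
}

// Corrected condition: rejects when the field is missing OR invalid.
function rejects_corrected( array $post ) {
    return ! isset( $post['_wpnonce'] )
        || ! demo_verify_nonce( $post['_wpnonce'], '_dwqa_edit_answer' );
}

// Constructed sample requests (stand-ins for $_POST).
$requests = array(
    'no nonce field' => array(),
    'wrong nonce'    => array( '_wpnonce' => 'not-the-nonce' ),
    'valid nonce'    => array( '_wpnonce' => DEMO_VALID_NONCE ),
);

foreach ( $requests as $label => $post ) {
    printf(
        "%-15s as posted: %-9s corrected: %s\n",
        $label,
        rejects_as_posted( $post ) ? 'rejected' : 'accepted',
        rejects_corrected( $post ) ? 'rejected' : 'accepted'
    );
}
```

Only the "wrong nonce" row differs between the two columns: the posted condition accepts it, the corrected one rejects it.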

The topic ‘CSRF Bypass Vulnerability’ is closed to new replies.