• Hello,

    I think there is a small CSRF security issue in line 774:

    // No nonce check: any request carrying del_word is acted on
    if($_REQUEST['del_word'] != '')
    {
    $del_me = $_REQUEST['del_word'];
    $wpdb->query("DELETE FROM $table_name WHERE id = '".$del_me."';");
    $table_name_attrs = $wpdb->prefix . $table_crosslink_attrb;
    $wpdb->query("DELETE FROM $table_name_attrs WHERE id = '".$del_me."';");
    }

    An attacker could trick a logged in Cross-Linker user into deleting all hyperlinked words.

    To fix, add

    check_admin_referer();

    before

    $del_me = $_REQUEST['del_word'];

    Have fun
    http://www.reneschmidt.de/

    http://wordpress.org/extend/plugins/cross-linker/
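    The fix suggested above, worked out as an added example (my code, not the plugin's or the poster's): the form emits a nonce for a named action and the handler verifies it with check_admin_referer() plus a capability check before deleting. The action name, function names, table names and a numeric id column are assumptions.

```php
<?php
// Added example, not the Cross-Linker plugin's code. Assumes a WordPress
// environment; the action name 'crosslinker_delete_word', the function names,
// the table names and the numeric id column are assumptions.

// 1. Form side: emit a nonce bound to this specific action (and to the
//    current user/session), so a forged cross-site request cannot carry it.
function crosslinker_delete_form( $word_id ) {
    echo '<form method="post">';
    wp_nonce_field( 'crosslinker_delete_word' );   // adds _wpnonce and _wp_http_referer
    echo '<input type="hidden" name="del_word" value="' . esc_attr( $word_id ) . '" />';
    submit_button( 'Delete word' );
    echo '</form>';
}

// 2. Handler side: verify the nonce and the capability before touching the DB.
function crosslinker_handle_delete() {
    global $wpdb, $table_crosslink_attrb;

    if ( empty( $_POST['del_word'] ) ) {
        return;
    }

    // Dies with an error page if the nonce is missing, expired, issued for a
    // different action, or issued for a different user.
    check_admin_referer( 'crosslinker_delete_word' );

    // A nonce proves intent, not authority: still check the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to delete cross-link words.' );
    }

    $del_me           = absint( $_POST['del_word'] );   // assumption: numeric id
    $table_name       = $wpdb->prefix . 'crosslinker_words';   // assumed name
    $table_name_attrs = $wpdb->prefix . $table_crosslink_attrb;

    // Bind the id instead of concatenating it into the statement.
    $wpdb->query( $wpdb->prepare( "DELETE FROM {$table_name} WHERE id = %d", $del_me ) );
    $wpdb->query( $wpdb->prepare( "DELETE FROM {$table_name_attrs} WHERE id = %d", $del_me ) );
}
```

    Using POST plus a named action is deliberate: check_admin_referer() with no arguments falls back to a generic action, and a nonce not tied to the specific operation is weaker.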
