CSRF Vulnerability in WordPress Ultimate-Category-Excluder Plugin (CVE-2020-35135) with PoC

Vulnerability Information Vulnerability Overview CVE: CVE-2020-35135 / CX-2020-4294 Status: Published Issue: CSRF in Ultimate-Category-Excluder WordPress Plugin Type: WordPress, CSRF Author: Yaniv Nizry Date: Dec 8, 2020 Summary The Ultimate-Category-Excluder WordPress plugin versions prior to v1.2 are vulnerable to Cross-Site Request Forgery (CSRF) attacks on the page. Product Ultimate-Category-Excluder WordPress plugin, versions prior to v1.2 Impact An administrator visiting a malicious site may unknowingly change the settings of the Ultimate-Category-Excluder plugin. Reproduction Steps 1. On a WordPress installation with the vulnerable Ultimate-Category-Excluder plugin. 2. The administrator visits the following page: Expected Result The administrator’s settings page will be modified according to the attacker’s input. Mitigation Update the Ultimate-Category-Excluder plugin to version 1.2 or higher. Source This vulnerability was discovered and reported by Checkmarx SCA security researcher Yaniv Nizry. Additional Information Severity Rating: 8.8 (High) CVSS Attributes: - Attack Vector: Network - Attack Complexity: Low - Required Privileges: None - User Interaction: Required - Scope: Unchanged - Confidentiality: High - Integrity: High - Availability: High Disclosure Timeline: - Discovery Date: Dec 8, 2020 - Fix Date: Dec 8, 2020 - Public Disclosure Date: Dec 8, 2020

Goal Reached Thanks to every supporter — we hit 100%!

CSRF Vulnerability in WordPress Ultimate-Category-Excluder Plugin (CVE-2020-35135) with PoC