CVE-2023-5945 - Cross-Site Request Forgery in Video Carousel Slider with Lightbox Plugin for WordPress v1.

A vulnerability has been discovered in the popular WordPress plugin, Video Carousel Slider with Lightbox, version 1.. The vulnerability, identified as CVE-2023-5945, is a Cross-Site Request Forgery (CSRF) vulnerability that could potentially enable unauthenticated attackers to delete videos hosted on the video slider by tricking a site administrator into performing certain actions. This vulnerability occurs due to missing or incorrect nonce validation within the plugin's responsive_video_gallery_with_lightbox_video_management_func() function.

In this post, we will dive deeper into the detail of the exploit, present code snippets, and provide original references to understand the issue better and protect your website from potential attacks.

Exploit Details

The Video Carousel Slider with Lightbox plugin for WordPress v1. contains a vulnerability that arises as a result of improper nonce validation. Nonce validation is a critical security feature that helps WordPress prevent unauthorized and duplicate requests. The plugin's responsive_video_gallery_with_lightbox_video_management_func() function is found to have missing or incorrect nonce validation, making it a potential target for CSRF attacks.

The attacker could exploit this vulnerability by crafting a malicious link or website in an attempt to trick a site administrator into clicking on it. Upon clicking the link, the site administrator unknowingly sends a forged request, which, in turn, deletes a video hosted on the video slider without the admin's knowledge.

Here’s a code snippet that shows the absence of proper nonce validation in the plugin

function responsive_video_gallery_with_lightbox_video_management_func(){
  global $wpdb;
  if(isset($_POST['delete']))
    {
        ...
    }
}

As shown in the code snippet, there's no nonce check when the delete POST parameter is set.

Mitigation Steps

To protect your website from this vulnerability, the first step you should take is to update the Video Carousel Slider with Lightbox plugin to the latest version available. It is essential to keep all plugins and themes updated to the newest versions, as these updates often include security patches for known vulnerabilities.

Additionally, you can apply the following code changes as a temporary fix to address the issue

function responsive_video_gallery_with_lightbox_video_management_func(){
  global $wpdb;
  if(isset($_POST['delete']))
    {
        // Add nonce check for the delete POST parameter
        check_admin_referer('video_gallery_slider_with_lightbox_delete_video_' . $_POST['id'], 'vg_video_nonce');
        ...
    }
}

In this modified code snippet, the check_admin_referer() function adds a proper nonce check for the delete POST parameter, thus preventing CSRF attacks.

For more information about this vulnerability and its consequences, check the following resources

1. National Vulnerability Database (NVD) - CVE-2023-5945
2. WordPress Plugin Repository - Video Carousel Slider with Lightbox

Conclusion

In conclusion, we've seen from this post the impact CVE-2023-5945 can have on the security of your WordPress website. To safeguard your site, it is recommended to always keep your plugins and themes updated to the latest versions. Furthermore, apply the temporary fix to the vulnerable function until an official patch is released.

Stay vigilant and always prioritize the security of your WordPress website to ensure its smooth functioning and maintain the trust of your users.

Timeline

Published on: 11/03/2023 13:15:08 UTC
Last modified on: 11/13/2023 19:20:37 UTC