[wp-trac] [WordPress Trac] #57451: Cross Site Request Forgery on Admin of any wordpress site to export files
WordPress Trac
noreply at wordpress.org
Mon Mar 20 04:34:24 UTC 2023
#57451: Cross Site Request Forgery on Admin of any wordpress site to export files
--------------------------+------------------------------
Reporter: f41z4n | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Export | Version:
Severity: minor | Resolution:
Keywords: needs-patch | Focuses: administration
--------------------------+------------------------------
Comment (by f41z4n):
Hi @johnbillion @sabernhardt, the Wordfence Team has agreed to issue a CVE
for this missing CSRF check once this vulnerability gets patched in the
core. May I have an estimated timeline, as the vulnerability is already
publicly exposed here in the tracker?
More potential impact:
1) An IT admin running WordPress on a VPS and using the same VPS to log in
to the WordPress backend: when he clicks on this link, he will download
the file to the VPS, unwanted. A VPS can be limited in storage, as its main
purpose is to run the application; for storage, IT admins often attach
additional storage media, like S3 in Amazon, which is separate from the
host application machine. A significant number of downloads of a large log
file (increasing the duration for logs in the CSRF link will create a
huge log file) will degrade the performance of the VPS because it now has
less space to run the application itself.
2) An IT admin who is logged in to WordPress from his own PC. If an attacker
sends him a crafted link that can open 10 tabs at once and all together
start downloading his WordPress log files, it might get a little problematic
for him. And if his IT team is used to checking WordPress logs, which is
generally part of audits, where you check the activity of admin users,
this might land him in tough times, as to why he initiated the log
downloads when he wasn't supposed to. Further, this will definitely also
occupy space on his laptop too. A significant log file and downloads might
occupy a huge amount of space, which can become an issue for the end user because he
needs to manually remove the file from his PC for a download he didn't
initiate.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57451#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
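The missing check the ticket refers to is a WordPress nonce on the export action. The following is an added example, not WordPress core code and not from the reporter, showing an admin-side export link and handler with that check in place; the `example_` function and action names are hypothetical, while `wp_nonce_url()`, `check_admin_referer()`, `current_user_can()` and `admin_post_*` are real WordPress APIs.

```php
<?php
// Added example (not WordPress core code): a minimal export handler with
// the CSRF protection the ticket says is missing. Names prefixed
// "example_" are hypothetical; the WordPress functions used are real.

// 1. Render the export link in the admin UI with a nonce bound to this
//    action and the current user's session.
function example_render_export_link() {
    if ( ! current_user_can( 'export' ) ) {
        return;
    }
    $url = wp_nonce_url(
        admin_url( 'admin-post.php?action=example_export&download=true' ),
        'example_export' // nonce action; must match the check below
    );
    echo '<a href="' . esc_url( $url ) . '">Download export</a>';
}

// 2. Handle the request. Without check_admin_referer(), any page a logged-in
//    admin visits could trigger this download on their behalf, which is the
//    CSRF the ticket describes. With it, a link forged by a third party fails
//    before any file is generated, because the attacker cannot know the
//    per-user nonce value.
function example_handle_export() {
    // Capability check: only users allowed to export may reach this point.
    if ( ! current_user_can( 'export' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // CSRF check: validates the _wpnonce query argument against the action
    // for the current user; on failure wp_die() stops execution with a 403.
    check_admin_referer( 'example_export' );

    // Only now is it safe to act on the request and stream the export.
    header( 'Content-Type: application/xml; charset=' . get_option( 'blog_charset' ) );
    header( 'Content-Disposition: attachment; filename="example-export.xml"' );
    echo '<?xml version="1.0" encoding="UTF-8"?><export/>';
    exit;
}
add_action( 'admin_post_example_export', 'example_handle_export' );
```

For detection, a request to the export endpoint that lacks a valid `_wpnonce` but carries a logged-in session cookie is the pattern an unpatched site would accept and a patched site would reject.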