06 Apr

Cross-Site Request Forgery (CSRF) Vulnerability in WP Customer Reviews

We recently discovered that the WP Customer Reviews plugin had a cross-site request forgery (CSRF) vulnerability. In version 3.0.8, and some prior versions, the plugin did not use a nonce to ensure that actions, including deleting all of the reviews created with the plugin, were actually intended by the logged-in user. Proof Of Concept The following proof of concept will [Read more]

06 Apr

Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in WP Customer Reviews

We recently discovered that the WP Customer Reviews plugin had a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in version 3.0.8, and some prior versions, on the page /wp-admin/admin.php?page=wpcr3_options&tab=form_settings. No nonce is included on the page, leading to the CSRF issue. For the XSS issue, in the file /include/admin/wp-customer-reviews-3-admin.php, starting on line 180, the input is brought in and there is [Read more]

06 Apr

Reflected Cross-Site Scripting (XSS) Vulnerability in WP Customer Reviews

We recently discovered that the WP Customer Reviews plugin had a reflected cross-site scripting (XSS) vulnerability. In version 3.0.8, and some prior versions, the file /include/admin/wp-customer-reviews-3-admin.php echoed the value of the Support Code input without escaping it. That occurred on line 1151: echo "<br />Running: <strong>{$this->p->wpcr3_debug_code}</strong><br /><br />"; and line 1153: print "<br /><strong>{$this->p->wpcr3_debug_code} DONE!</strong><br />"; Proof Of Concept The [Read more]
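The two defect classes in the three advisories above, a state-changing admin action protected by no nonce and a request value echoed into HTML unescaped, shown as weak and hardened pairs in an added PHP illustration. This is not the plugin's code and not the advisories' proof of concept: it assumes it is loaded inside WordPress (wp_nonce_field, check_admin_referer, esc_html, current_user_can, get_posts and the other calls are WordPress core functions), and every wpcr_demo_* name, form field, post type and page slug is hypothetical.

```php
<?php
// Added illustration, not the WP Customer Reviews plugin's code. Assumes
// WordPress is loaded; all wpcr_demo_* identifiers are hypothetical.

// ---- 1. Reflected XSS: request text interpolated straight into HTML ------
// Weak: the pattern the advisory describes, a debug/support code value
// placed inside an echoed string with no escaping. A value such as
//   "><script>alert(document.domain)</script>
// becomes live markup in the admin page.
function wpcr_demo_debug_banner_unsafe( $debug_code ) {
    return "<br />Running: <strong>{$debug_code}</strong><br /><br />";
}

// Hardened: sanitize on input and escape at the point of output.
// esc_html() encodes <, >, &, " and ' so the value renders as text only.
function wpcr_demo_debug_banner_safe( $debug_code ) {
    return '<br />Running: <strong>' . esc_html( $debug_code ) . '</strong><br /><br />';
}

function wpcr_demo_read_support_code() {
    if ( ! isset( $_POST['wpcr_demo_debug_code'] ) ) {
        return '';
    }
    // wp_unslash() undoes WordPress' magic-quotes slashing; sanitize_text_field()
    // strips tags and control characters. Output still needs esc_html().
    return sanitize_text_field( wp_unslash( $_POST['wpcr_demo_debug_code'] ) );
}

// ---- 2. CSRF: destructive admin action with no nonce ---------------------
// Hypothetical storage: one review = one post of a custom post type.
function wpcr_demo_delete_all_reviews() {
    $ids = get_posts( array(
        'post_type'   => 'wpcr_demo_review',
        'post_status' => 'any',
        'numberposts' => -1,
        'fields'      => 'ids',
    ) );
    foreach ( $ids as $id ) {
        wp_delete_post( $id, true ); // true = bypass trash, delete permanently
    }
    return count( $ids );
}

// Weak: a logged-in admin who views an attacker page that auto-submits a
// POST to this handler deletes every review; nothing proves the request was
// built by the plugin's own settings form.
function wpcr_demo_handle_delete_all_unsafe() {
    if ( isset( $_POST['wpcr_demo_delete_all'] ) ) {
        wpcr_demo_delete_all_reviews();
    }
}

// Hardened, part A: the form carries a nonce bound to the action name.
function wpcr_demo_render_delete_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin.php?page=wpcr_demo_options' ) ) . '">';
    wp_nonce_field( 'wpcr_demo_delete_all', 'wpcr_demo_nonce' );
    echo '<input type="hidden" name="wpcr_demo_delete_all" value="1" />';
    submit_button( 'Delete all reviews', 'delete' );
    echo '</form>';
}

// Hardened, part B: capability check first, then the nonce check.
// check_admin_referer() calls wp_die() on a missing or expired nonce, so the
// delete never runs for a cross-site request even from an authenticated admin.
function wpcr_demo_handle_delete_all_safe() {
    if ( ! isset( $_POST['wpcr_demo_delete_all'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'wpcr_demo_delete_all', 'wpcr_demo_nonce' );
    $deleted = wpcr_demo_delete_all_reviews();
    echo '<div class="notice notice-success"><p>Deleted ' . (int) $deleted . ' reviews.</p></div>';
}
```

The order in the safe handler matters: the capability check stops low-privilege users outright, and the nonce check stops a privileged user's browser from being driven by another site. Neither replaces the other, and escaping still has to happen wherever the sanitized support code is printed, since sanitize_text_field() does not HTML-encode.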