WordPress Plugin Curtain Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the WordPress Plugin Curtain version 1.0.2. The vulnerability allows attackers to manipulate the site's maintenance mode by sending crafted requests. Exploitation involves tricking an authenticated administrator into submitting a forged request to the options-general.php page that carries the plugin's curtain parameters, which toggle maintenance mode. The root cause is the absence of nonce validation: the plugin never checks that the request originated from its own settings form, so any request arriving with the administrator's session is trusted.

Impact

Exploitation of this vulnerability allows for unauthorized changes to the site's maintenance mode, potentially disrupting normal site operations.

Reproduction

To reproduce this vulnerability, an authenticated administrator must be tricked into clicking a link or submitting a form that sends a request to the options-general.php page with the curtain parameters. The request must include a mode value of 0 to deactivate maintenance mode, or 1 to activate it. Because the plugin does not validate nonces, this request will be processed as if it were a legitimate action by the administrator.
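As an added illustration (not the Curtain plugin's own code), the pattern described above beside its hardened form: an options handler that acts on the request without any nonce check, and the same handler guarded with `wp_nonce_field()`, `check_admin_referer()` and a capability check. The option name, parameter names, nonce action and page slug are assumptions chosen for the example.

```php
<?php
// Added illustration, not the Curtain plugin's own code. The option name
// (curtain_mode), parameter names (curtain_mode, curtain_nonce), nonce action
// (curtain_save_settings) and page slug (curtain) are hypothetical.

// Vulnerable pattern: the handler trusts any request that carries the expected
// parameter. Without a nonce check, a request the administrator's browser is
// induced to send from a third-party page is processed exactly like a genuine
// submission of the settings form.
function curtain_handle_request_vulnerable() {
    if ( isset( $_POST['curtain_mode'] ) ) {
        $mode = (int) $_POST['curtain_mode'];          // 0 = off, 1 = on
        update_option( 'curtain_mode', $mode ? 1 : 0 );
    }
}

// Hardened pattern, part 1: the settings form embeds a nonce that is bound to
// the action, the current user and the session, so it cannot be guessed or
// reused by a page the attacker controls.
function curtain_render_form_hardened() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'options-general.php?page=curtain' ) ); ?>">
        <?php wp_nonce_field( 'curtain_save_settings', 'curtain_nonce' ); ?>
        <label><input type="radio" name="curtain_mode" value="1"> Maintenance on</label>
        <label><input type="radio" name="curtain_mode" value="0"> Maintenance off</label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Hardened pattern, part 2: the handler refuses to change anything unless the
// user may manage options AND the nonce verifies. Both checks are needed: the
// capability check stops low-privilege users, the nonce check stops CSRF.
function curtain_handle_request_hardened() {
    if ( ! isset( $_POST['curtain_mode'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'curtain' ), '', array( 'response' => 403 ) );
    }
    // check_admin_referer() validates the nonce in $_POST['curtain_nonce'] for the
    // given action and calls wp_die() on failure, so execution stops here for a
    // forged request.
    check_admin_referer( 'curtain_save_settings', 'curtain_nonce' );

    // Strict whitelist of the two permitted values rather than a bare cast.
    $mode = ( '1' === $_POST['curtain_mode'] ) ? 1 : 0;
    update_option( 'curtain_mode', $mode );
}
```

A plugin can also be checked for this defect by grepping its option-saving code paths for `update_option()` calls that are not preceded by `check_admin_referer()` or `wp_verify_nonce()`.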

Added: May 10, 2026, 1:24 PM
Updated: May 10, 2026, 1:24 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 7.7
remediation: 0.0
relevance: 7.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.