reCAPTCHA Jetpack WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the reCAPTCHA Jetpack WordPress plugin, affecting versions through 0.2.2. The vulnerability arises because the plugin does not implement CSRF protection when updating settings. Without that validation, an attacker could cause a logged-in admin's browser to submit a settings change that the admin did not intend.
Impact
Exploitation of this vulnerability could lead to unauthorized changes to the plugin settings, made through the session of a logged-in admin user.
Reproduction
To reproduce this vulnerability, an admin user must be tricked into opening an HTML page that automatically submits a form. This form should be configured to send a POST request to the WordPress options-general.php page for the reCAPTCHA Jetpack plugin. The form must include hidden fields with the site key, secret key, reCAPTCHA type, and a reset command. Once the form is submitted, the plugin settings will be updated without the admin's consent.
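The check that is missing from the settings update, shown as an added example and not the plugin's own code: a settings form that carries a WordPress nonce and a save handler that verifies capability and nonce before writing anything. Every `rcj_demo_*` option, field and action name and the two reCAPTCHA type values are assumptions made for illustration.

```php
<?php
/* Plugin Name: CSRF-safe settings demo (added example; every rcj_demo_* name is hypothetical) */

const RCJ_DEMO_ACTION = 'rcj_demo_save';   // nonce action string (assumed)
const RCJ_DEMO_NONCE  = 'rcj_demo_nonce';  // hidden nonce field name (assumed)

add_action( 'admin_menu', function () {
	add_options_page( 'reCAPTCHA demo', 'reCAPTCHA demo', 'manage_options', 'rcj-demo', 'rcj_demo_render' );
} );

function rcj_demo_render() {
	?>
	<form method="post" action="">
		<?php wp_nonce_field( RCJ_DEMO_ACTION, RCJ_DEMO_NONCE ); // token bound to user, session and action ?>
		<input name="rcj_demo_site_key" value="<?php echo esc_attr( get_option( 'rcj_demo_site_key', '' ) ); ?>">
		<input name="rcj_demo_secret_key" type="password" value="">
		<select name="rcj_demo_type">
			<option value="checkbox">Checkbox</option>
			<option value="invisible">Invisible</option>
		</select>
		<?php submit_button(); ?>
	</form>
	<?php
}

add_action( 'admin_init', 'rcj_demo_save' );

function rcj_demo_save() {
	if ( ! isset( $_POST['rcj_demo_site_key'] ) ) {
		return; // not a submission of this form
	}
	// Calling update_option() at this point, with no checks, is the flaw class described above.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
	}
	// Ends the request unless the POST carries the nonce issued by rcj_demo_render().
	check_admin_referer( RCJ_DEMO_ACTION, RCJ_DEMO_NONCE );

	update_option( 'rcj_demo_site_key', sanitize_text_field( wp_unslash( $_POST['rcj_demo_site_key'] ) ) );
	if ( ! empty( $_POST['rcj_demo_secret_key'] ) ) { // blank field keeps the stored secret
		update_option( 'rcj_demo_secret_key', sanitize_text_field( wp_unslash( $_POST['rcj_demo_secret_key'] ) ) );
	}
	$type = sanitize_key( wp_unslash( $_POST['rcj_demo_type'] ?? '' ) );
	if ( in_array( $type, array( 'checkbox', 'invisible' ), true ) ) { // allowlist (values assumed)
		update_option( 'rcj_demo_type', $type );
	}
}
```

A form submitted from another origin cannot read the nonce that `wp_nonce_field()` rendered for the admin, so `check_admin_referer()` stops the request before any option is written.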
