Centangle-Team WordPress Plugin Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Centangle-Team plugin for WordPress, affecting all versions through 1.0.0. The vulnerability arises from inadequate nonce validation, allowing unauthenticated attackers to manipulate the plugin's settings by tricking a site administrator into clicking a link. Furthermore, the vulnerability is compounded by poor input sanitization and output escaping for the 'cai_name_color' parameter, which could be exploited to inject arbitrary web scripts into pages, executing them when a user accesses the modified page.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the plugin's settings and the injection of malicious scripts that are executed by users.

Reproduction

To reproduce this vulnerability, an attacker must craft a request that exploits the missing nonce validation. This request should be designed to modify the plugin's settings. The attacker must then trick an administrator into clicking a link that activates this forged request. Once the request is processed, the 'cai_name_color' parameter can be used to inject scripts, which will run when the injected page is accessed.