Recooty WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Recooty – Job Widget (Old Dashboard) plugin for WordPress, affecting all versions through 1.0.6. The vulnerability arises from a lack of nonce validation in the 'recooty_save_maybe()' function, which allows unauthenticated attackers to manipulate the 'recooty_key' option. Because the option value is placed into iframe source attributes, a forged request can inject malicious content there; the attack succeeds only if a site administrator is tricked into clicking a link that submits the forged request.
Impact
Exploitation of this vulnerability allows for Cross-Site Request Forgery, where an attacker can trick a user into performing actions they did not intend to, such as updating settings with malicious content.
Reproduction
To reproduce this vulnerability, an attacker must create a forged request that exploits the missing nonce validation in the 'recooty_save_maybe()' function. This request should aim to update the 'recooty_key' option with a value that includes malicious content intended for an iframe. The attacker must then trick a site administrator into clicking a link that activates this forged request, such as through a phishing email or a compromised website.
Remediation
No known patch is available for this vulnerability. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
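The defensive pattern for a settings-save handler of this kind, shown as an added illustration written for this page rather than the Recooty plugin's own code: the function names prefixed 'example_', the nonce action string and the use of the 'manage_options' capability are assumptions; only the 'recooty_key' option name comes from the advisory.

```php
<?php
// Added illustration (not the Recooty plugin's code): a WordPress option-save
// handler shown without and with CSRF protection. Names other than
// 'recooty_key' are assumed for the example.

// Vulnerable pattern: the option is written straight from the request with
// no nonce check and no capability check, so a forged POST submitted by a
// logged-in administrator's browser updates the option.
function example_save_vulnerable() {
    if ( isset( $_POST['recooty_key'] ) ) {
        update_option( 'recooty_key', $_POST['recooty_key'] );
    }
}

// Hardened pattern: the handler proceeds only when
//  1. the current user holds a capability that allows changing settings,
//  2. the request carries a nonce WordPress issued for this action, which a
//     cross-site page cannot obtain, and
//  3. the value is reduced to plain text before being stored.
function example_save_hardened() {
    if ( ! isset( $_POST['recooty_key'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // Dies with an error unless a valid nonce for 'example_save_key'
    // is present in the '_wpnonce' field.
    check_admin_referer( 'example_save_key', '_wpnonce' );

    // A widget key never legitimately contains markup; strip tags and
    // control characters so an injected iframe payload cannot be stored.
    $key = sanitize_text_field( wp_unslash( $_POST['recooty_key'] ) );
    update_option( 'recooty_key', $key );
}

// The settings form must emit the matching nonce, otherwise legitimate
// saves fail the check above.
function example_render_form() {
    echo '<form method="post">';
    wp_nonce_field( 'example_save_key', '_wpnonce' );
    echo '<input type="text" name="recooty_key" value="'
        . esc_attr( get_option( 'recooty_key', '' ) ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}
```

Wherever the stored value is later written into an iframe src attribute, it should additionally pass through esc_url() at output time, so storage-side sanitisation is not the only line of defence.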
