NS IE Compatibility Fixer WordPress Plugin Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the NS IE Compatibility Fixer plugin for WordPress, affecting all versions through 2.1.5. The vulnerability arises from inadequate nonce validation in the settings update process, allowing unauthenticated attackers to alter the plugin's settings by deceiving an administrator into clicking a link.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the plugin's settings, potentially causing misconfigurations or enabling further attacks.

Reproduction

To reproduce this vulnerability, an attacker must craft a request that exploits the missing nonce validation. This can be done by tricking an administrator into clicking a link that contains the forged request to update the plugin's settings. The absence of a valid nonce allows the request to be processed, resulting in a CSRF attack.