Insert Headers And Footers WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Insert Headers And Footers plugin for WordPress, affecting all versions through 3.1.1. The vulnerability arises from inadequate nonce validation in the 'wp_headers_and_footers_set_option' function, which allows unauthenticated attackers to update arbitrary options on a WordPress site by way of a forged request. Exploitation requires tricking a logged-in administrator into clicking a link; the forged request could then change the default registration role to administrator, potentially granting the attacker admin access. The exploit only works when the 'WPBRIGADE_SDK__DEV_MODE' constant is set to 'true'.
Impact
Exploitation of this vulnerability could lead to unauthorized users gaining administrative access on the affected WordPress site.
Reproduction
To reproduce this vulnerability, an attacker must cause a logged-in administrator's browser to submit a forged request to a WordPress site running the vulnerable plugin version. The request must include the 'set_option_name' and 'option_value' parameters; because the nonce it carries is not properly validated, the forgery is not rejected. If successful, the request updates the specified option on the site, potentially allowing the attacker to gain administrative access.
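The following is an added illustration of the bug class described in the Vulnerability and Reproduction sections, not code from the Insert Headers And Footers plugin: an admin-ajax option-setting handler that trusts its request, beside the hardened form with the capability check, nonce check and option allowlist that a CSRF-safe write needs. All function, hook and option names are assumptions chosen for the demo; only the 'set_option_name' and 'option_value' parameter names come from the advisory.

```php
<?php
// Illustrative example only: NOT the plugin's own code. Names below are assumed.

// Weak pattern (the class of bug described in the advisory): the handler
// writes whatever option name and value the request supplies, with no
// check that the request was knowingly issued by an authorised user.
function demo_set_option_weak() {
    $name  = isset( $_POST['set_option_name'] ) ? sanitize_key( $_POST['set_option_name'] ) : '';
    $value = isset( $_POST['option_value'] ) ? wp_unslash( $_POST['option_value'] ) : '';
    update_option( $name, $value ); // any option, including default_role, from any forged request
    wp_send_json_success();
}

// Hardened pattern: same handler, same parameters, three checks before the write.
function demo_set_option_hardened() {
    // 1. Capability: only users allowed to change site options may reach the write.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // wp_send_json_error() exits
    }
    // 2. Nonce: the request must carry a token issued to this user for this action.
    //    Passing false as the third argument makes check_ajax_referer() return
    //    instead of calling wp_die(), so the handler controls the error response.
    if ( ! check_ajax_referer( 'demo_set_option', '_wpnonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }
    // 3. Allowlist: the handler may only touch the options it owns, never arbitrary ones.
    $allowed = array( 'demo_tracking_id', 'demo_banner_text' ); // assumed option names
    $name    = isset( $_POST['set_option_name'] ) ? sanitize_key( $_POST['set_option_name'] ) : '';
    if ( ! in_array( $name, $allowed, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }
    $value = isset( $_POST['option_value'] ) ? sanitize_text_field( wp_unslash( $_POST['option_value'] ) ) : '';
    update_option( $name, $value );
    wp_send_json_success();
}

// Register only the hardened handler for logged-in admin-ajax requests; no
// wp_ajax_nopriv_ hook, so unauthenticated requests never reach it.
add_action( 'wp_ajax_demo_set_option', 'demo_set_option_hardened' );

// The settings page must embed the matching token, e.g. with
// wp_nonce_field( 'demo_set_option', '_wpnonce' ), so a link or form built
// on another origin cannot produce a request that passes check 2.
```

Note that a nonce check alone is not a substitute for the capability check: the nonce proves the request originated from a page the site itself rendered, while current_user_can() decides whether that user may change options at all.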
Remediation
Users are advised to update the Insert Headers And Footers plugin to version 3.1.2 or later.