EZ SQL Reports Shortcode Widget and DB Backup WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress, affecting versions 4.11.13 prior to 5.25.08. The vulnerability arises from inadequate nonce validation in the 'ELISQLREPORTS_menu' function, allowing an unauthenticated attacker to execute code on the server via a forged request, provided they can trick a site administrator into clicking a link. Although version 5.25.10 introduced a nonce check, the vulnerability remains exploitable by administrators.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the server.

Reproduction

To reproduce this vulnerability, an attacker must craft a request that exploits the missing nonce validation. This can be done by tricking an administrator into clicking a link that triggers the 'ELISQLREPORTS_menu' function without a valid nonce, thereby executing the attacker's code on the server.
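The pattern behind the Vulnerability and Reproduction sections above, as an added illustration that is not the plugin's code: a WordPress admin menu callback that acts on a submitted form without a nonce check, beside the hardened form using `check_admin_referer()` and a capability check. All function, action and field names here are hypothetical. Note that the nonce only defeats cross-site forgery; it does not limit what a legitimately authenticated administrator can do through the feature itself, which is why the page reports the issue as still exploitable by administrators after the nonce was added.

```php
<?php
// Added illustration, not the plugin's code. All names are hypothetical.
// run_example_report() stands in for whatever privileged action the
// menu page performs; it is assumed to exist elsewhere in the plugin.

// BEFORE: the callback trusts any POST that reaches it. A request forged
// from a third-party page, riding on an administrator's logged-in session,
// is indistinguishable from a genuine form submission.
function example_reports_menu_vulnerable() {
    if ( isset( $_POST['report_sql'] ) ) {
        run_example_report( wp_unslash( $_POST['report_sql'] ) );
    }
    render_example_form();
}

// AFTER: the form embeds a nonce bound to a named action, and the callback
// refuses to act unless the nonce and the caller's capability both check out.
function example_reports_menu_hardened() {
    if ( isset( $_POST['report_sql'] ) ) {
        // Terminates with a 403 page when the nonce is missing, expired or forged.
        check_admin_referer( 'example_run_report', 'example_nonce' );

        // Defence in depth: the capability is also enforced by add_menu_page(),
        // but the handler should not rely on the menu registration alone.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( esc_html__( 'Insufficient permissions.', 'example' ), 403 );
        }
        run_example_report( wp_unslash( $_POST['report_sql'] ) );
    }
    render_example_form();
}

function render_example_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_run_report', 'example_nonce' ); ?>
        <textarea name="report_sql"></textarea>
        <?php submit_button( 'Run report' ); ?>
    </form>
    <?php
}

add_action( 'admin_menu', function () {
    add_menu_page( 'Example Reports', 'Example Reports', 'manage_options',
        'example-reports', 'example_reports_menu_hardened' );
} );
```

The nonce is tied to the logged-in user and rotates every 12 to 24 hours, so a link prepared in advance by someone outside the session cannot carry a valid one.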

Remediation

Users are advised to update the EZ SQL Reports Shortcode Widget and DB Backup plugin to version 5.25.10 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.