USS Upyun WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the USS Upyun WordPress plugin, affecting all versions through 1.5.0. The issue arises from inadequate nonce validation in the 'uss_setting_page' function when handling the 'uss_set' form type. Because the handler does not verify that the submitted form originated from the WordPress admin interface, an unauthenticated attacker can alter important Upyun cloud storage settings, such as bucket names, operator credentials, upload paths, and image processing parameters, by tricking a logged-in site administrator into submitting a forged request, for example by following a crafted link.
Impact
Exploitation of this vulnerability could lead to unauthorized changes in Upyun cloud storage settings, potentially allowing attackers to manipulate how files are stored and processed on the server.
Reproduction
To reproduce this vulnerability, an attacker must exploit the missing nonce validation by sending a forged request that includes the 'uss_set' form type. This requires tricking a logged-in site administrator into triggering the request, such as through a phishing email or a malicious website, since the browser attaches the administrator's session cookies to the forged submission.
Remediation
Users are advised to update the USS Upyun WordPress plugin to version 1.5.1 or later, where this vulnerability has been patched.
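To make the root cause and the fix concrete, the following is an added illustration written for this page; it is not the USS Upyun plugin's own code and does not reproduce how the plugin stores its options. It contrasts a settings handler that accepts any POST carrying the 'uss_set' form type with one that verifies a WordPress nonce and the caller's capability before saving. The field name 'uss_form_type', the nonce action 'uss_set_action', the nonce field 'uss_set_nonce' and the option key 'uss_settings_demo' are all assumed names chosen here; only the 'uss_set' form type and the 'uss_setting_page' function name come from the advisory.

```php
<?php
// Added example, not the plugin's code. Assumptions: the settings form posts a
// field 'uss_form_type' with the value 'uss_set'; the option key
// 'uss_settings_demo' is a hypothetical name.

// Before: the handler trusts any POST that carries the 'uss_set' form type.
// A page the administrator visits elsewhere can auto-submit such a form, the
// browser attaches the admin's cookies, and the settings are overwritten.
function uss_setting_page_unsafe() {
    if ( isset( $_POST['uss_form_type'] ) && $_POST['uss_form_type'] === 'uss_set' ) {
        update_option( 'uss_settings_demo', array(
            'bucket'   => $_POST['bucket'],
            'operator' => $_POST['operator'],
            'password' => $_POST['password'],
            'path'     => $_POST['path'],
        ) );
    }
    // ... form rendering omitted ...
}

// After: a nonce ties the request to a form WordPress rendered for this user,
// a capability check limits the action to administrators, and the inputs are
// sanitized before they are stored.
function uss_setting_page_safe() {
    if ( isset( $_POST['uss_form_type'] ) && $_POST['uss_form_type'] === 'uss_set' ) {
        // Reject callers without the capability to manage site options.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( esc_html__( 'Insufficient permissions.', 'uss-demo' ), 403 );
        }
        // check_admin_referer() calls wp_verify_nonce() on the named field and
        // stops the request if the nonce is missing, forged, or expired.
        check_admin_referer( 'uss_set_action', 'uss_set_nonce' );

        update_option( 'uss_settings_demo', array(
            'bucket'   => sanitize_text_field( wp_unslash( $_POST['bucket'] ?? '' ) ),
            'operator' => sanitize_text_field( wp_unslash( $_POST['operator'] ?? '' ) ),
            'password' => sanitize_text_field( wp_unslash( $_POST['password'] ?? '' ) ),
            'path'     => sanitize_text_field( wp_unslash( $_POST['path'] ?? '' ) ),
        ) );
        add_settings_error( 'uss_settings_demo', 'saved', __( 'Settings saved.', 'uss-demo' ), 'updated' );
    }
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( 'uss_set_action', 'uss_set_nonce' ); ?>
        <input type="hidden" name="uss_form_type" value="uss_set">
        <input type="text" name="bucket" placeholder="bucket">
        <input type="text" name="operator" placeholder="operator">
        <input type="password" name="password" placeholder="password">
        <input type="text" name="path" placeholder="upload path">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce alone is what defeats CSRF: a third-party page cannot read the value that wp_nonce_field() embeds for the logged-in administrator, so a forged submission fails check_admin_referer() even though the browser sends the session cookies. The capability check is a separate control (authorization), and the sanitization protects the stored values; neither replaces the nonce.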
