WP Responsive Popup + Optin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP Responsive Popup + Optin plugin for WordPress, affecting all versions through 1.4. The vulnerability arises because the settings form on the admin page lacks proper nonce generation and verification. This flaw allows unauthenticated attackers to manipulate plugin settings, including the 'wpo_image_url' parameter, by tricking a site administrator into clicking a link.
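The missing protection described above, shown as an added illustration that is not the plugin's own code: a settings handler with no nonce, beside the same handler with WordPress nonce generation and verification, a capability check and input sanitization. Function, option and field names other than 'wpo_image_url' are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. Function, option and field
// names are hypothetical; 'wpo_image_url' is the parameter named above.

// VULNERABLE PATTERN: the handler accepts any POST carrying the field
// names, so a request forged on another site and submitted by the
// admin's browser (with its cookies) is processed like a real one.
function wpo_demo_save_settings_vulnerable() {
    if ( isset( $_POST['wpo_save'] ) ) {
        // No nonce check, no capability check, no sanitization.
        update_option( 'wpo_image_url', $_POST['wpo_image_url'] );
    }
}

// HARDENED PATTERN: the form embeds a nonce bound to one action name,
// and the handler verifies it before touching any option.
function wpo_demo_render_settings_form() {
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( 'wpo_demo_save_settings', 'wpo_demo_nonce' ); ?>
        <label>Popup image URL
            <input type="text" name="wpo_image_url"
                   value="<?php echo esc_attr( get_option( 'wpo_image_url', '' ) ); ?>">
        </label>
        <input type="submit" name="wpo_save" value="Save">
    </form>
    <?php
}

function wpo_demo_save_settings_hardened() {
    if ( ! isset( $_POST['wpo_save'] ) ) {
        return;
    }
    // Only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // check_admin_referer() validates the nonce for this action and
    // dies on failure, so a forged request never reaches update_option().
    check_admin_referer( 'wpo_demo_save_settings', 'wpo_demo_nonce' );
    // esc_url_raw() keeps only a URL with an allowed scheme, closing the
    // stored-XSS path of saving an arbitrary string in the option.
    $url = isset( $_POST['wpo_image_url'] )
        ? esc_url_raw( wp_unslash( $_POST['wpo_image_url'] ) )
        : '';
    update_option( 'wpo_image_url', $url );
}
add_action( 'admin_init', 'wpo_demo_save_settings_hardened' );
```

The nonce is tied to the logged-in user and the action name, so a page on another origin cannot obtain a valid one to include in a forged request; esc_attr() on output additionally keeps a stored value from breaking out of the attribute.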
Impact
Exploitation of this vulnerability allows for Cross-Site Request Forgery, enabling attackers to manipulate plugin settings. Additionally, according to Wordfence, this vulnerability could lead to stored Cross-Site Scripting.
Reproduction
To reproduce this vulnerability, an attacker must send a forged request to the WordPress site, targeting the WP Responsive Popup + Optin plugin's settings form. This can be done by tricking an administrator into clicking a link that carries the malicious request, taking advantage of the absence of nonce verification in the form.
Remediation
No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.
