DX Unanswered Comments WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the DX Unanswered Comments plugin for WordPress, affecting all versions through 1.7. The issue arises from a lack of nonce validation on the plugin's settings form, allowing unauthenticated attackers to manipulate plugin settings, such as the authors list and comment count. This can be achieved by deceiving a site administrator into clicking a link that triggers the malicious request.
Impact
Exploitation of this vulnerability allows for Cross-Site Request Forgery, where an attacker can trick a user into performing actions they did not intend to, potentially leading to unauthorized changes in plugin settings.
Reproduction
To reproduce this vulnerability, an attacker must craft a request that exploits the missing nonce validation in the plugin's settings form. This request should be designed to modify the 'dxuc_authors_list' or 'dxuc_comment_count' settings. The attacker must then persuade a site administrator to click a link or perform an action that triggers this forged request; because the handler performs no nonce check, the administrator's authenticated session causes the settings change to be accepted.
Remediation
Users are advised to update to version 1.8 of the DX Unanswered Comments WordPress plugin, where this vulnerability has been patched.
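The pattern below is an added illustration of the defect class this advisory describes and the standard WordPress fix for it; it is not code from the DX Unanswered Comments plugin or from its 1.8 patch. The option names come from the advisory, while the function names, form markup, nonce action name and the `manage_options` capability check are assumptions.

```php
<?php
// Added illustration (not the plugin's own code or its 1.8 patch).
// Hypothetical settings handler showing a missing-nonce CSRF defect and its fix.
// Option names dxuc_authors_list / dxuc_comment_count are from the advisory;
// function names, nonce action and capability are assumptions.

// Vulnerable pattern: any POST that reaches the handler is trusted.
// A cross-site form submission from a logged-in admin's browser is
// indistinguishable from a legitimate save, so the settings are overwritten.
function dxuc_save_settings_vulnerable() {
    if ( isset( $_POST['dxuc_authors_list'] ) ) {
        update_option( 'dxuc_authors_list', sanitize_text_field( wp_unslash( $_POST['dxuc_authors_list'] ) ) );
        update_option( 'dxuc_comment_count', absint( $_POST['dxuc_comment_count'] ) );
    }
}

// Hardened pattern, part 1: the form embeds a nonce bound to a named action.
function dxuc_render_settings_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'dxuc_save_settings', 'dxuc_nonce' ); ?>
        <input type="text" name="dxuc_authors_list"
               value="<?php echo esc_attr( get_option( 'dxuc_authors_list', '' ) ); ?>">
        <input type="number" name="dxuc_comment_count"
               value="<?php echo esc_attr( get_option( 'dxuc_comment_count', 10 ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Hardened pattern, part 2: the handler checks authorisation and the nonce
// before touching any option.
function dxuc_save_settings_hardened() {
    if ( ! isset( $_POST['dxuc_authors_list'] ) ) {
        return;
    }
    // Authorisation: only users who may manage options can change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'dxuc' ) );
    }
    // CSRF protection: the nonce is derived from the action, the user and a
    // time window, so a request forged from another origin cannot supply a
    // valid one. check_admin_referer() calls wp_die() when validation fails.
    check_admin_referer( 'dxuc_save_settings', 'dxuc_nonce' );

    update_option( 'dxuc_authors_list', sanitize_text_field( wp_unslash( $_POST['dxuc_authors_list'] ) ) );
    update_option( 'dxuc_comment_count', absint( $_POST['dxuc_comment_count'] ) );
}
add_action( 'admin_init', 'dxuc_save_settings_hardened' );
```

A quick audit check for plugins of this kind is to confirm that every handler calling `update_option()` on form input is reached only after a `check_admin_referer()` or `wp_verify_nonce()` call and a capability check.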
