C‌SRF v‌ulner‌abili‌ty in‌ allo‌ws ma‌licio‌us us‌ers t‌o mak‌e fak‌e pos‌ts. Affected URL: /wp-comments-post.php

Warning: Incorrectly following these instructions could cause damage to your site. Always back up your files and database before attempting a manual fix. If you are not comfortable editing code, we can automatically fix the vulnerability for you! Simply use the ”Automatic Fix” button on your dashboard.

CSRF vulnerability is possible to execute, because WordPress comment system does not check the source.

Please back up your website before making this change, as we cannot be responsible for problems that occur during this manual fix.

  1. Login to your WordPress FTP
  2. Go to WordPress root directory
  3. Backup the wp-comments-post.php file
  4. Edit the wp-comments-post.php file
  5. Find the line, that begins with “/** Sets up the WordPress Environment. */”
  6. Prepend that line with the next code:
    if ( ! isset( $_SERVER[ "HTTP_REFERER" ] ) )
    $referrer_url = $_SERVER[ "HTTP_REFERER" ];
    $server_name = str_replace( "." , "\." , $_SERVER[ "HTTP_HOST" ] );	
    /*Escape the dots for following regexp search */
    $server_name = str_replace( '/' , '\/' , $server_name );	
    /*Escape the '/' for following regexp search */
    $referr_pattern = "/^((http(s)?):\/\/)?(www.)?$server_name/";
    if ( ! preg_match( $referr_pattern, $referrer_url ) )
  7. Save
  8. Done

Posted on December 9, 2013, in Web Dev. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: