Sorry, I am not able to visit the given URL.
Can you please give me the correct URL, so I can deeply investigate it?
I have investigated the feature for the CSRF issue, but have not been able to find any security vulnerability for this feature.
Thank you.
The link gives the following elements:
Affects Plugins: disable-right-click-for-wp
No known fix
References
CVE: CVE-2022-29427
Classification
Type: CSRF
OWASP top 10: A2: Broken Authentication and Session Management
CWE: CWE-352
Miscellaneous
Original Researcher: Rasi Afeef
Verified: Yes
WPVDB ID: e4ae4efb-ed4f-48a4-a4c2-80ed9a59e468
Timeline
Publicly Published: 2022-05-04 (about 5 months ago)
Added: 2022-05-21 (about 5 months ago)
Last Updated: 2022-05-21 (about 5 months ago)
Our Other Services
WPScan WordPress Security Plugin
Hi,
It looks like you are referring to a different plugin. I believe this plugin is the one you are looking for: https://wpscan.com/ and this is their forum: https://ww.wp.xz.cn/support/plugin/wpscan/
Hello,
Jetpack Boost says that:
Disable Right Click For WP <= 1.1.6 – Arbitrary Settings Update via CSRF
What is the problem?
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
References
CVE: CVE-2022-29427
Classification
Type: CSRF
OWASP top 10: A2: Broken Authentication and Session Management
CWE: CWE-352
Miscellaneous
Original Researcher: Rasi Afeef
Verified: Yes
WPVDB ID: e4ae4efb-ed4f-48a4-a4c2-80ed9a59e468
Timeline
Publicly Published: 2022-05-04 (about 5 months ago)
Added: 2022-05-21 (about 5 months ago)
Last Updated: 2022-05-21 (about 5 months ago)
And it says click on the link to see more.
When I click on the link, all the information I have is:
Affects Plugins: disable-right-click-for-wp
No known fix
References
CVE: CVE-2022-29427
Classification
Type: CSRF
OWASP top 10: A2: Broken Authentication and Session Management
CWE: CWE-352
Miscellaneous
Original Researcher: Rasi Afeef
Verified: Yes
WPVDB ID: e4ae4efb-ed4f-48a4-a4c2-80ed9a59e468
Timeline
Publicly Published: 2022-05-04 (about 5 months ago)
Added: 2022-05-21 (about 5 months ago)
Last Updated: 2022-05-21 (about 5 months ago)
So, I would like to know what action I can take so as not to have a message about CSRF for the plugin Disable Right Click?
Hi,
In this forum here, you will only find support staff for the plugin “All in One WP Security”. The message you’ve pasted above is about a different plugin, “Disable Right Click for WP”. That plugin’s support forum is here: https://ww.wp.xz.cn/support/topic/a-security-problem-with-disable-right-click/ . You should go there and post a message, and its authors will be able to advise you. We (All in One) have no relationship to that plugin that WPScan is advising you about.
David