CVE-2023-23795 – This CSRF vulnerability in the Muneeb Form Buil... (How to Fix)

Q: What is the severity of CVE-2023-23795?

CVE-2023-23795 has a CVSS score of 7.1 (HIGH). This CSRF vulnerability in the Muneeb Form Builder WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. Attackers can create malicious requests that, when executed by logged-in users, can delete posts or pages. WordPress sites using vulnerable plugin versions are affected.

📋 TL;DR

This CSRF vulnerability in the Muneeb Form Builder WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. Attackers can create malicious requests that, when executed by logged-in users, can delete posts or pages. WordPress sites using vulnerable plugin versions are affected.

💻 Affected Systems

Products:

Muneeb Form Builder (Contact Form Add)

Versions: <= 1.9.9.0

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with vulnerable plugin version. Only affects users with administrative privileges who can be tricked into performing actions.

📦 What is this software?

Form Builder by Web Settler

View all CVEs affecting Form Builder →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could delete all posts and pages on the WordPress site, causing complete content loss and site disruption.

🟠

Likely Case

Attackers delete selected posts/pages to cause content loss, defacement, or business disruption.

🟢

If Mitigated

With proper CSRF protections, no unauthorized actions can be performed even if users are tricked into clicking malicious links.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing, and CSRF attacks can be delivered via malicious websites or emails.

🏢 Internal Only: MEDIUM - Internal users could still be targeted via phishing or compromised internal sites.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

CSRF attacks are well-understood and easy to implement. Exploitation requires tricking authenticated admin users into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 1.9.9.0

Vendor Advisory: https://patchstack.com/database/vulnerability/contact-form-add/wordpress-form-builder-create-responsive-contact-forms-plugin-1-9-9-0-cross-site-request-forgery-csrf-leading-to-post-page-deletion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Form Builder - Create Responsive Contact Forms' plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and remove plugin, then install latest version from WordPress repository.

🔧 Temporary Workarounds

Implement CSRF Protection

all

Add CSRF tokens to plugin forms and validate them on submission

Requires code modification: Add wp_nonce_field() to forms and wp_verify_nonce() validation

Restrict Admin Access

all

Limit administrative access to trusted networks only

Add to .htaccess: Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24
Or use WordPress security plugins to restrict admin access

🧯 If You Can't Patch

Deactivate and remove the vulnerable plugin immediately
Implement web application firewall (WAF) rules to block CSRF attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins. Look for 'Form Builder - Create Responsive Contact Forms' version <= 1.9.9.0.

Check Version:

wp plugin list --name='contact-form-add' --field=version (if WP-CLI installed)

Verify Fix Applied:

After update, verify plugin version is > 1.9.9.0 in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Multiple POST requests to wp-admin/admin-ajax.php with delete_post actions from unexpected sources
Sudden deletion of posts/pages in WordPress logs

Network Indicators:

HTTP POST requests containing delete_post action without proper referrer headers
Requests with predictable/nonce-less parameters

SIEM Query:

source="wordpress.log" action="delete_post" | stats count by src_ip, user_agent

📊 Metadata

CVE ID: CVE-2023-23795

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

CWE: CWE-352

Published: June 22, 2023

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-23795, you might also want to check these: