CVE-2023-23890
📋 TL;DR
This CSRF vulnerability in the WP Airbnb Review Slider WordPress plugin allows attackers to trick authenticated administrators into performing unauthorized actions, specifically removing reviews from the site. It affects all WordPress sites running the plugin version 3.2 or earlier. The vulnerability requires an admin to be tricked into clicking a malicious link while logged in.
💻 Affected Systems
- LJ Apps WP Airbnb Review Slider WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could delete all Airbnb reviews from the website, damaging business reputation and potentially affecting SEO rankings and customer trust.
Likely Case
Targeted removal of specific negative reviews to manipulate the site's perceived reputation, or mass deletion of reviews as a form of vandalism.
If Mitigated
With proper CSRF protections in place, no unauthorized actions can be performed even if malicious links are clicked.
🎯 Exploit Status
Exploitation requires social engineering to trick an authenticated admin into clicking a malicious link. The technical exploit itself is simple once the admin is tricked.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.3 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'WP Airbnb Review Slider'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 3.3+ from WordPress.org and replace the plugin files via FTP/SFTP.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Deactivate the vulnerable plugin until patched to prevent exploitation.
wp plugin deactivate wp-airbnb-review-slider
CSRF Protection via Security Plugin
Use a WordPress security plugin that adds CSRF protection to all forms and actions.
🧯 If You Can't Patch
- Implement strict access controls and limit admin privileges to only essential users.
- Educate administrators about phishing risks and implement policies against clicking untrusted links while logged in.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WP Airbnb Review Slider version number. If version is 3.2 or lower, you are vulnerable.
Check Version:
wp plugin get wp-airbnb-review-slider --field=version
Verify Fix Applied:
After updating, verify the plugin version shows 3.3 or higher in the WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual review deletion patterns in WordPress logs
- Multiple DELETE requests to wp-admin/admin-ajax.php from unexpected sources
Network Indicators:
- HTTP POST requests to admin-ajax.php with 'action=wprev_delete_review' parameter from non-admin IPs
SIEM Query:
source="wordpress.log" AND "action=wprev_delete_review" AND NOT src_ip IN [admin_ip_list]
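The indicators above key on source IP, but in a CSRF the forged request is sent by the administrator's own browser, so it arrives from the admin's usual IP. The script below is an added example, not part of this advisory or of the plugin, that scans access-log lines for POSTs to admin-ajax.php carrying the advisory's action name and flags the ones whose Referer points off-site or is missing. It assumes a combined-format access log, the hostname example.com for the protected site, and the action name in the query string (admin-ajax.php reads it from either the query string or the POST body, but only the query string reaches an access log; body parameters need a WAF or application log). The log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "example.com"             # assumption: hostname of the protected WordPress site
TARGET_ACTION = "wprev_delete_review" # AJAX action named in the advisory's indicators

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_review_delete(rec):
    """True when the request targets admin-ajax.php with action=wprev_delete_review in the query string."""
    url = urlsplit(rec["path"])
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    return TARGET_ACTION in parse_qs(url.query).get("action", [])


def referer_host(referer):
    """Hostname from the Referer field; None when the log records it as empty or '-'."""
    if referer in ("", "-"):
        return None
    return urlsplit(referer).hostname


def classify(rec, site_host=SITE_HOST):
    """
    Label a review-deletion request by where it was initiated:
      'cross-site'  Referer host differs from the site: the CSRF signature
      'no-referer'  Referer absent or stripped: cannot attribute, review manually
      'same-site'   Referer is the site itself: ordinary admin activity
    """
    host = referer_host(rec["referer"])
    if host is None:
        return "no-referer"
    if host.lower() != site_host.lower():
        return "cross-site"
    return "same-site"


def find_suspicious(lines, site_host=SITE_HOST):
    """Return (ip, timestamp, label, referer) for every POST deletion not initiated from the site."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or not is_review_delete(rec):
            continue
        label = classify(rec, site_host)
        if label != "same-site":
            hits.append((rec["ip"], rec["ts"], label, rec["referer"]))
    return hits


# Constructed sample log: the same admin IP appears in every deletion, so IP filtering
# alone would not separate the legitimate deletion (line 1) from the forged ones (lines 2-3).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2023:14:03:22 +0000] "POST /wp-admin/admin-ajax.php?action=wprev_delete_review HTTP/1.1" 200 57 "https://example.com/wp-admin/admin.php?page=wprev-reviews" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2023:14:09:41 +0000] "POST /wp-admin/admin-ajax.php?action=wprev_delete_review HTTP/1.1" 200 57 "https://attacker.invalid/promo.html" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2023:14:11:02 +0000] "POST /wp-admin/admin-ajax.php?action=wprev_delete_review HTTP/1.1" 200 57 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2023:14:12:15 +0000] "GET /reviews/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2023:14:12:30 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "https://example.com/wp-admin/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, label, referer in find_suspicious(SAMPLE_LOG):
        print(f"{ts} {ip} {label:<10} referer={referer}")
```

Treat "no-referer" hits as triage items rather than confirmed forgeries: some browsers and privacy extensions strip the Referer, so the Origin header (available in a WAF or reverse-proxy log) is the stronger signal when you can log it.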
🔗 References
- https://patchstack.com/database/vulnerability/wp-airbnb-review-slider/wordpress-wp-airbnb-review-slider-plugin-3-2-cross-site-request-forgery-csrf-leading-to-reviews-removal-vulnerability?_s_id=cve