CVE-2023-46201
📋 TL;DR
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress 'Auto Login New User After Registration' plugin that can lead to Stored Cross-Site Scripting (XSS). An attacker can trick an authenticated user into submitting a request the user did not intend, which can inject a malicious script that persists on the site. This affects all WordPress sites running plugin versions up to and including 1.9.6.
💻 Affected Systems
- WordPress Auto Login New User After Registration plugin
📦 What is this software?
Auto Login New User After Registration by Auto Login New User After Registration Project
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject persistent malicious scripts that steal admin credentials, deface websites, or redirect users to malicious sites, potentially compromising the entire WordPress installation and user data.
Likely Case
Attackers inject malicious scripts that steal user session cookies or credentials, leading to account takeover and unauthorized access to the WordPress admin panel.
If Mitigated
With proper CSRF protections and input validation, the attack surface is minimized, though the vulnerable plugin version still poses some risk until patched.
🎯 Exploit Status
Exploitation requires tricking an authenticated user into clicking a malicious link or visiting a compromised page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.9.7 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Auto Login New User After Registration'.
4. Click 'Update Now' if available, or manually update to version 1.9.7 or later.
5. Verify the plugin is active and functioning correctly.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the plugin until it can be updated to a secure version.
wp plugin deactivate auto-login-new-user-after-registration
Implement CSRF protection
Add WordPress nonce verification to plugin forms if customizing the plugin.
wp_nonce_field('action_name', 'nonce_name') in the form
wp_verify_nonce($_POST['nonce_name'], 'action_name') when processing the submission (check the return value and abort if it is false)
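The nonce workaround above, shown as an added example rather than the plugin's own code: a hypothetical settings handler whose saved value is rendered back into admin pages, first in the vulnerable shape (any POST is accepted and the value is echoed unescaped, which is how CSRF becomes stored XSS) and then hardened with a nonce check, a capability check, input sanitization and output escaping. The option name, action name, nonce field name and menu slug are all assumed for the illustration; the WordPress functions used are real.

```php
<?php
/*
 * Added illustration (not the plugin's own code). Option, action, nonce and
 * slug names below are assumed; it runs as part of a WordPress plugin.
 */

// --- Vulnerable pattern: no nonce, no capability check, no escaping -------
function example_vuln_save_settings() {
    if ( isset( $_POST['example_welcome_message'] ) ) {
        // Any POST reaching this page updates the option, including a form
        // auto-submitted from another origin by a logged-in admin's browser.
        update_option( 'example_welcome_message', $_POST['example_welcome_message'] );
    }
}

function example_vuln_render_settings() {
    example_vuln_save_settings();
    $msg = get_option( 'example_welcome_message', '' );
    echo '<form method="post">';
    echo '<input name="example_welcome_message" value="' . $msg . '">'; // unescaped
    echo '<input type="submit" value="Save">';
    echo '</form>';
    echo '<p>Current: ' . $msg . '</p>'; // unescaped: the forged value persists as stored XSS
}

// --- Hardened pattern: nonce + capability + sanitize + escape ------------
function example_safe_save_settings() {
    if ( ! isset( $_POST['example_welcome_message'] ) ) {
        return;
    }
    // Rejects any request without a nonce issued for this action to this
    // user's session; check_admin_referer() calls wp_die() on failure.
    // (The same check with wp_verify_nonce() must test for a false return.)
    check_admin_referer( 'example_save_settings', 'example_settings_nonce' );

    // A nonce proves intent, not authority: still enforce the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    $clean = sanitize_text_field( wp_unslash( $_POST['example_welcome_message'] ) );
    update_option( 'example_welcome_message', $clean );
}

function example_safe_render_settings() {
    example_safe_save_settings();
    $msg = get_option( 'example_welcome_message', '' );
    echo '<form method="post">';
    wp_nonce_field( 'example_save_settings', 'example_settings_nonce' ); // hidden nonce input
    echo '<input name="example_welcome_message" value="' . esc_attr( $msg ) . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
    echo '<p>Current: ' . esc_html( $msg ) . '</p>'; // escaped for the HTML context
}

add_action( 'admin_menu', function () {
    add_options_page(
        'Example Settings', 'Example Settings', 'manage_options',
        'example-settings', 'example_safe_render_settings'
    );
} );
```

The nonce stops the cross-site forgery because the attacker's page cannot read a token that is tied to the victim's session and the specific action; the capability check and the escaping are kept separately, since a nonce alone does not make a stored value safe to render.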
🧯 If You Can't Patch
- Disable the 'Auto Login New User After Registration' plugin immediately to eliminate the vulnerability.
- Implement a web application firewall (WAF) with CSRF and XSS protection rules to block exploitation attempts.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in the WordPress admin under Plugins > Installed Plugins. If the version is 1.9.6 or lower, the site is vulnerable.
Check Version:
wp plugin get auto-login-new-user-after-registration --field=version
Verify Fix Applied:
Verify the plugin version is 1.9.7 or higher in the WordPress admin plugins list and test user registration functionality.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress admin-ajax.php or plugin-specific endpoints
- Multiple failed user registration attempts from single IPs
- Suspicious referrer headers in access logs
Network Indicators:
- Unexpected cross-origin requests to WordPress admin endpoints
- Patterns of requests with missing or invalid nonce tokens
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "auto-login") AND (http_method="POST" AND NOT (referrer CONTAINS own_domain))
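The SIEM query above, carried out as an added example over constructed web-server log lines (not part of the advisory): a small PHP script that parses combined-format access log entries and flags POST requests to admin-ajax.php, or to any request target mentioning "auto-login", whose Referer host is not the site's own host. The site host `blog.example` and the sample lines are assumptions for the illustration. It goes slightly beyond the query by comparing the whole Referer host rather than doing a substring match, so a referer such as `blog.example.attacker.test` is still flagged.

```php
<?php
// Added example, not from the advisory. Site host and log lines are constructed.
const SITE_HOST = 'blog.example';

// Combined log format: ip ident user [time] "method target proto" status bytes "referer" "user-agent"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';

function parse_line(string $line): ?array {
    if (!preg_match(LOG_RE, $line, $m)) {
        return null; // not a combined-format line; skip it
    }
    $path = parse_url($m[4], PHP_URL_PATH);
    return [
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'target'  => $m[4],                          // raw request target incl. query string
        'path'    => is_string($path) ? $path : $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
    ];
}

function referer_is_own_site(string $referer, string $siteHost): bool {
    if ($referer === '' || $referer === '-') {
        // No Referer at all: treat as not-own-site. This is noisy when a
        // Referrer-Policy strips the header, so review such hits rather than alert on them.
        return false;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    // Compare the full host, not a substring: "blog.example.attacker.test"
    // contains "blog.example" but is a different origin.
    return is_string($host) && strcasecmp($host, $siteHost) === 0;
}

function is_suspicious(array $e, string $siteHost): bool {
    if ($e['method'] !== 'POST') {
        return false;
    }
    $targeted = $e['path'] === '/wp-admin/admin-ajax.php'
        || stripos($e['target'], 'auto-login') !== false;
    return $targeted && !referer_is_own_site($e['referer'], $siteHost);
}

function find_suspicious(array $lines, string $siteHost = SITE_HOST): array {
    $hits = [];
    foreach ($lines as $line) {
        $e = parse_line($line);
        if ($e !== null && is_suspicious($e, $siteHost)) {
            $hits[] = $e;
        }
    }
    return $hits;
}

// Constructed sample lines: one legitimate admin POST, one cross-origin POST to
// admin-ajax.php, one cross-origin POST to the plugin settings page from a
// look-alike host, and one ordinary GET.
$sample = [
    '203.0.113.5 - - [10/Oct/2023:12:00:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "https://blog.example/wp-admin/" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:12:00:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "https://attacker.test/lure.html" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:12:00:03 +0000] "POST /wp-admin/options-general.php?page=auto-login-new-user-after-registration HTTP/1.1" 302 0 "https://blog.example.attacker.test/" "Mozilla/5.0"',
    '198.51.100.2 - - [10/Oct/2023:12:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
];

// Run from the command line: php detect.php
foreach (find_suspicious($sample) as $hit) {
    printf("%s %s %s %s referer=%s\n", $hit['time'], $hit['ip'], $hit['method'], $hit['target'], $hit['referer']);
}
```

On the sample above the second and third lines are reported; the first is an own-origin admin request and the fourth is a GET. Legitimate admin-ajax.php POSTs from the site's own pages carry the site as Referer, so the remaining hits are worth correlating with the user session and with any plugin option changes recorded around the same time.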
🔗 References
- https://patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-csrf-vulnerability?_s_id=cve