CVE-2023-51474
📋 TL;DR
This cross-site request forgery (CSRF) vulnerability in the TerraClassifieds WordPress plugin lets an attacker who can lure a logged-in user onto a malicious page submit state-changing requests in that user's name. Per the vendor advisory referenced below it affects TerraClassifieds versions up to and including 2.0.3, can lead to account takeover, and is fixed in 2.0.4.
💻 Affected Systems
- Pixelemu TerraClassifieds WordPress Plugin
⚠️ Manual Verification Required
Automated scanners that key on NVD version ranges may not flag this CVE: the NVD entry for it carries no affected-version range. The vendor advisory referenced below does state the range (TerraClassifieds <= 2.0.3, fixed in 2.0.4), so check the installed version yourself rather than trusting a scanner's "not affected" result.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Update to 2.0.4 or later; if the installed version cannot be confirmed, treat the site as affected
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover where attackers can change user credentials, modify classified listings, or perform administrative actions on behalf of authenticated users.
Likely Case
Unauthorized changes to the victim's account or classified listings made in the victim's name, leading to data manipulation or content injection; when the victim holds a higher role than the attacker (for example an administrator), the forged request runs with that role's privileges.
If Mitigated
Browser defaults such as SameSite=Lax cookies, and a WAF or Origin/Referer check in front of the plugin's handlers, lower the chance that a forged request succeeds, but the missing server-side nonce check is still there: these controls reduce exposure until the plugin is updated, they do not remove the vulnerability.
🎯 Exploit Status
No authentication bypass is needed. The attacker only has to get a user with an active WordPress session to open an attacker-controlled page or link; the browser then submits the forged request together with the victim's session cookies, and the plugin accepts it because it does not verify a nonce.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.4 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find TerraClassifieds and click "Update Now".
4. Verify that the installed version is 2.0.4 or later.
🔧 Temporary Workarounds
Add CSRF protection to the plugin's handlers
Protect every state-changing form and action handler with a WordPress nonce (wp_nonce_field() on the form, check_admin_referer() or wp_verify_nonce() in the handler). This means modifying plugin code, so it is only practical if you maintain a fork; otherwise apply the vendor update.
Use WordPress security plugins
A security plugin that rejects cross-origin POSTs at the application level (Origin/Referer checks) reduces exposure. Such plugins generally cannot add nonces to a third-party plugin's forms, so treat this as a partial control, not a fix.
🧯 If You Can't Patch
- Deactivate the TerraClassifieds plugin until it can be updated; WordPress does not load a deactivated plugin, so its handlers are no longer reachable
- Add WAF rules that block POST requests to the plugin's endpoints whose Origin or Referer header is absent or names a host other than your site; expect some false positives, since privacy settings and Referrer-Policy can strip the Referer
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for the TerraClassifieds version; any version up to and including 2.0.3 is affected
Check Version:
wp plugin list --name=terraclassifieds --field=version
Verify Fix Applied:
Confirm the installed TerraClassifieds version reads 2.0.4 or higher in WordPress admin (compare numerically: 2.0.10 is newer than 2.0.4, even though a plain string comparison says otherwise)
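The version check above is easy to get wrong when scripted, because "2.0.10" sorts before "2.0.4" as a string. The following is an added example, not code from the original advisory or from the plugin vendor: it parses the JSON that `wp plugin list --format=json` prints (the sample output below is constructed, and the plugin slug `terraclassifieds` is assumed from the WP-CLI command on this page), compares versions numerically against the fix version 2.0.4, and reports whether the site is affected. Pre-release builds such as "2.0.4-rc1" are ranked below the 2.0.4 release, so they are still treated as affected.

```python
"""Added example: decide whether an installed TerraClassifieds version falls in the
affected range (<= 2.0.3) using numeric version comparison, not string comparison."""
import json
import re

PATCHED_VERSION = "2.0.4"         # first fixed release per the advisory
PLUGIN_SLUG = "terraclassifieds"  # assumed slug, taken from the wp-cli command on this page


def parse_version(text):
    """Turn '2.0.3', 'v2.1', '2.0.4.1' or '2.0.4-rc1' into a comparable tuple of ints.

    Missing components are padded with 0 so '2.1' == '2.1.0'. The final element ranks
    a pre-release (anything after a '-') below the corresponding release, so that
    '2.0.4-rc1' < '2.0.4'.
    """
    core, sep, _prerelease = text.strip().partition("-")
    nums = [int(n) for n in re.findall(r"\d+", core)]
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    nums += [0] * (3 - len(nums))
    return tuple(nums) + ((0,) if sep else (1,))


def is_vulnerable(version):
    """True when the installed version is older than the first patched release."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


def assess_plugin_list(json_text, slug=PLUGIN_SLUG):
    """Classify a site from the output of `wp plugin list --format=json`.

    Returns 'not-installed', 'patched', 'vulnerable' or 'vulnerable-inactive'.
    An inactive plugin is not loaded by WordPress, so its handlers are not reachable,
    but the affected code is still on disk and should be updated or removed.
    """
    for entry in json.loads(json_text):
        if entry.get("name") != slug:
            continue
        if not is_vulnerable(entry["version"]):
            return "patched"
        return "vulnerable-inactive" if entry.get("status") == "inactive" else "vulnerable"
    return "not-installed"


# Constructed sample output in the shape `wp plugin list --format=json` produces.
SAMPLE_WP_CLI_OUTPUT = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": "terraclassifieds", "status": "active", "update": "available", "version": "2.0.3"},
])
SAMPLE_INACTIVE_OUTPUT = json.dumps([
    {"name": "terraclassifieds", "status": "inactive", "update": "available", "version": "2.0.3"},
])


if __name__ == "__main__":
    # Typical use: wp plugin list --format=json | python3 this_script.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_WP_CLI_OUTPUT
    print(assess_plugin_list(data))
```

Pipe the real WP-CLI output into the script on the server; the `vulnerable` / `vulnerable-inactive` results are the ones that need the update to 2.0.4 or later.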
📡 Detection & Monitoring
Log Indicators:
- Account changes (email address, password, profile fields) or listing edits that the affected user did not initiate; a CSRF victim is already logged in, so there are no failed logins to look for
- Account or listing modifications whose request originated from an IP address or user agent that differs from the rest of the victim's session
Network Indicators:
- HTTP POST requests to TerraClassifieds handlers whose Referer (or Origin, if you log it) is missing or names a host other than your site
- Requests carrying TerraClassifieds form parameters that arrive directly after the user visited an external page
SIEM Query:
sourcetype=access_combined method=POST (uri="*terraclassifieds*" OR uri="/wp-admin/admin-post.php*" OR uri="/wp-admin/admin-ajax.php*") NOT referer="https://your-site.example/*"
(Splunk-style; field names depend on your log source and "your-site.example" is your own host. Do not filter on status=200: WordPress form handlers normally answer a successful POST with a 302 redirect.)
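The same logic run offline over combined-format access logs, as an added example that is not part of the original advisory and not code from the plugin vendor: it parses Apache/Nginx combined log lines, keeps POSTs to the plugin's handlers, and rates each by its Referer host. Because this advisory does not name the vulnerable handler, the endpoint pattern (anything mentioning `terraclassifieds`, plus WordPress's generic `admin-post.php` and `admin-ajax.php` entry points) is an assumption, as are the site hostname and the action name in the constructed sample log lines.

```python
"""Added example: flag cross-site POSTs to the plugin's request handlers in
Apache/Nginx combined-format access log lines."""
import re
from urllib.parse import urlsplit

SITE_HOST = "shop.example.com"  # assumption: the WordPress site's own hostname

# Assumption: the advisory does not name the vulnerable handler, so match any POST
# whose path/query mentions the plugin or goes through WordPress's generic
# form (admin-post.php) and AJAX (admin-ajax.php) entry points.
TARGET_RE = re.compile(
    r"terraclassifieds|/wp-admin/admin-post\.php|/wp-admin/admin-ajax\.php", re.I
)

# Combined log format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def classify(line):
    """Return a finding dict for a POST to a plugin handler, else None.

    verdict is one of:
      'cross-site'  Referer names another host: the strongest CSRF signal
      'no-referer'  Referer absent: noisy on its own, privacy settings strip it
      'same-site'   Referer is our own host: normal traffic
    The HTTP status is reported but not filtered on, because WordPress form
    handlers usually answer a successful POST with a 302 redirect.
    """
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST" or not TARGET_RE.search(m["path"]):
        return None
    ref = m["referer"]
    if ref in ("", "-"):
        verdict = "no-referer"
    else:
        host = (urlsplit(ref).hostname or "").lower()
        verdict = "same-site" if host == SITE_HOST.lower() else "cross-site"
    return {"ip": m["ip"], "path": m["path"], "status": m["status"],
            "referer": ref, "verdict": verdict}


def suspicious(lines):
    """All findings that are not plain same-site traffic, cross-site ones first."""
    findings = [c for c in map(classify, lines) if c and c["verdict"] != "same-site"]
    return sorted(findings, key=lambda c: c["verdict"] != "cross-site")


# Constructed sample log lines. The action name "tc_example_save" is hypothetical.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2024:12:00:01 +0000] "POST /wp-admin/admin-post.php?action=terraclassifieds_tc_example_save HTTP/1.1" 302 0 "https://evil.example.net/win.html" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2024:12:00:05 +0000] "POST /wp-admin/admin-post.php?action=terraclassifieds_tc_example_save HTTP/1.1" 302 0 "https://shop.example.com/my-account/" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2024:12:00:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 45 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Jan/2024:12:00:12 +0000] "GET /classifieds/?s=bike HTTP/1.1" 200 8123 "https://www.google.com/" "Mozilla/5.0"
"""


if __name__ == "__main__":
    for finding in suspicious(SAMPLE_LOG.splitlines()):
        print(finding["verdict"], finding["ip"], finding["path"], finding["referer"])
```

Referer is the only origin signal the default combined format records; for a cleaner signal on POSTs, add `"%{Origin}i"` to the Apache LogFormat (or `$http_origin` in Nginx) and check that header the same way, since browsers send Origin on cross-site POSTs even when they suppress Referer.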
🔗 References
- https://patchstack.com/database/vulnerability/terraclassifieds/wordpress-terraclassifieds-plugin-2-0-3-cross-site-request-forgery-csrf-to-account-takeover-vulnerability?_s_id=cve