CVE-2023-6532
📋 TL;DR
This vulnerability in the WP Blogs' Planetarium WordPress plugin allows attackers to trick logged-in administrators into changing plugin settings without their consent via Cross-Site Request Forgery (CSRF). Attackers can exploit this by getting an admin to visit a malicious webpage while authenticated. All WordPress sites using the vulnerable plugin are affected.
💻 Affected Systems
- WP Blogs' Planetarium WordPress Plugin
📦 What is this software?
Wp Blogs Planetarium by Wp Blogs Planetarium Project
⚠️ Risk & Real-World Impact
Worst Case
Attackers could modify plugin settings to inject malicious code, redirect users to phishing sites, disable security features, or compromise the entire WordPress site if settings control critical functionality.
Likely Case
Attackers would typically change settings to inject ads, redirect traffic, or modify content for SEO spam or phishing purposes.
If Mitigated
With proper CSRF protections in place, only authenticated users making intentional requests can modify settings, preventing unauthorized changes.
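The pattern behind this class of bug, as an added illustration that is not the plugin's own code: a settings handler that trusts any POST arriving in an admin session, next to the same handler protected the way WordPress core expects (capability check plus nonce verification). The hook, option and field names are assumptions.

```php
<?php
// Added illustration, not the plugin's code. The admin page slug
// "planetarium" is from the advisory; hook names, option names and
// field names below are assumptions.

// VULNERABLE pattern: any POST that arrives while an admin is logged in
// is honoured, so a form submitted from another site in that admin's
// browser changes the setting.
function planetarium_save_settings_vulnerable() {
    if ( isset( $_POST['planetarium_feed_url'] ) ) {
        update_option( 'planetarium_feed_url', $_POST['planetarium_feed_url'] );
    }
}

// HARDENED pattern: the form carries a nonce tied to the logged-in user,
// and the handler refuses requests without a valid one.
function planetarium_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="planetarium_save_settings">
        <?php wp_nonce_field( 'planetarium_save_settings', 'planetarium_nonce' ); ?>
        <input type="url" name="planetarium_feed_url"
               value="<?php echo esc_attr( get_option( 'planetarium_feed_url', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function planetarium_save_settings_hardened() {
    // Only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // Dies when the nonce is absent, forged or expired; a third-party page
    // cannot read the nonce, so a cross-site POST fails here.
    check_admin_referer( 'planetarium_save_settings', 'planetarium_nonce' );

    $url = isset( $_POST['planetarium_feed_url'] )
        ? esc_url_raw( wp_unslash( $_POST['planetarium_feed_url'] ) )
        : '';
    update_option( 'planetarium_feed_url', $url );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'admin.php?page=planetarium' ) ) );
    exit;
}
add_action( 'admin_post_planetarium_save_settings', 'planetarium_save_settings_hardened' );
```

Auditing a plugin for this issue means locating every `update_option()` call reachable from an admin page and confirming a `check_admin_referer()` or `wp_verify_nonce()` guards it.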
🎯 Exploit Status
Exploitation requires the attacker to trick a logged-in administrator into visiting a malicious page. No authentication bypass is needed as the attack leverages the admin's existing session.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.1 or later
Vendor Advisory: https://wpscan.com/vulnerability/05a730bc-2d72-49e3-a608-e4390b19e97f
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'WP Blogs' Planetarium' plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Deactivate Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate planetarium
Remove Plugin
Completely remove the vulnerable plugin
wp plugin delete planetarium
🧯 If You Can't Patch
- Implement strict access controls to limit admin panel access to trusted networks only
- Use browser extensions that block CSRF attacks or implement Content Security Policy (CSP) headers
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'WP Blogs' Planetarium'. If version is 1.0 or earlier, you are vulnerable.
Check Version:
wp plugin get planetarium --field=version
Verify Fix Applied:
After updating, verify the plugin version shows 1.1 or later in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin.php?page=planetarium from unexpected sources
- Multiple failed CSRF token validations in WordPress logs
Network Indicators:
- HTTP POST requests to plugin settings endpoints without proper Referer headers or CSRF tokens
SIEM Query:
source="wordpress.log" AND "admin.php?page=planetarium" AND ("POST" OR "CSRF")