CVE-2018-8814
Description
Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WolfCMS 0.8.3.1 is vulnerable to CSRF, allowing attackers to modify plugin settings or uninstall plugins via crafted requests.
Vulnerability
WolfCMS 0.8.3.1 is affected by a cross-site request forgery (CSRF) vulnerability that allows remote attackers to perform actions on behalf of an authenticated administrator. The issue resides in the plugin settings functionality, where requests to plugin/[pluginname]/settings lack CSRF protection. This enables an attacker to modify plugin settings or uninstall plugins without the victim's consent. The vulnerability is present in version 0.8.3.1 and possibly earlier versions [1].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious HTML page that automatically submits a form to the plugin settings save endpoint (e.g., /wolf/wolfcms/?/admin/plugin/archive/save). Alternatively, a direct GET request to /wolfcms/?/admin/setting/uninstall_plugin/[pluginname] can uninstall any plugin. The attacker must trick a logged-in administrator into visiting the malicious page or clicking a link. No additional authentication or privileges are required for the attacker; only user interaction is needed [1].
Impact
Successful exploitation allows the attacker to change plugin settings or uninstall plugins, potentially disrupting the functionality of the CMS. While this does not directly lead to data disclosure or privilege escalation, it could cause denial of service or pave the way for further attacks if critical plugins are removed. The impact is limited to the actions available in the plugin settings and uninstall functionality [1].
Mitigation
The vendor recommends upgrading to the latest release of WolfCMS, which includes a fix for this CSRF vulnerability. No specific patched version is mentioned, but users should update to any version newer than 0.8.3.1. No workarounds are provided, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing CSRF protection on plugin settings and uninstall endpoints allows attackers to forge authenticated requests."
Attack vector
An attacker crafts a malicious HTML page containing an auto-submitting form that targets the plugin settings save action, or a direct link that triggers plugin uninstallation. When a logged-in administrator visits the attacker's page, the browser automatically sends the forged POST request (or the victim clicks the crafted link), leveraging the victim's active session to perform the action without their consent [1]. The attack requires no special network position beyond delivering the malicious page to an authenticated user.
Affected code
The vulnerability affects WolfCMS 0.8.3.1. The CSRF flaw exists in the plugin settings save endpoint (`/admin/plugin/archive/save`) and the plugin uninstall endpoint (`/admin/setting/uninstall_plugin/[pluginname]`). No patch diff is available in the bundle; the advisory identifies these as the vulnerable actions [1].
What the fix does
The advisory does not include a patch or code diff. The recommended remediation is to upgrade to the latest release of WolfCMS [1]. A proper fix would involve implementing CSRF tokens on all state-changing actions (plugin settings save and plugin uninstall) so that requests without a valid, session-bound token are rejected.
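The token-based fix sketched above, as an added example that is not WolfCMS's own code (WolfCMS is written in PHP; this is a Python model of the same mechanism). The `Session`, `Request`, `PluginAdmin` and `dispatch` names, the route shapes and the sample plugin data are assumptions constructed for the illustration. A per-session token is issued once, embedded in the legitimate admin form, and required (together with POST) by every state-changing handler; the two forged requests from the advisory's scenario are rejected because a cross-site page can send the victim's cookie but cannot read the token.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    """Server-side session; the CSRF token is generated once per session (assumed model)."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal request model: method, path, session resolved from the cookie, form fields."""
    method: str
    path: str
    session: Optional[Session]
    form: dict


def csrf_protected(handler):
    """Wrap a state-changing action so it only runs for an authenticated POST
    whose form carries the token bound to that same session."""
    def wrapper(self, req, *args):
        if req.session is None:
            return 401, "login required"
        if req.method != "POST":
            # A plain GET link (as with the uninstall endpoint) must never change state.
            return 405, "state-changing action requires POST"
        submitted = req.form.get("csrf_token", "")
        expected = req.session.csrf_token
        # Constant-time comparison on bytes; str compare_digest raises on non-ASCII input.
        if not hmac.compare_digest(submitted.encode(), expected.encode()):
            return 403, "invalid or missing CSRF token"
        return handler(self, req, *args)
    return wrapper


class PluginAdmin:
    """Toy stand-in for the plugin settings / uninstall actions (not WolfCMS code)."""

    def __init__(self):
        self.installed = {"archive", "comment"}
        self.settings = {"archive": {"use_dates": "0"}}

    @csrf_protected
    def save_settings(self, req, plugin):
        if plugin not in self.installed:
            return 404, "unknown plugin"
        # Form keys of the shape settings[<key>] become plugin settings.
        for key, value in req.form.items():
            if key.startswith("settings[") and key.endswith("]"):
                self.settings.setdefault(plugin, {})[key[len("settings["):-1]] = value
        return 200, "settings saved"

    @csrf_protected
    def uninstall(self, req, plugin):
        if plugin not in self.installed:
            return 404, "unknown plugin"
        self.installed.remove(plugin)
        self.settings.pop(plugin, None)
        return 200, f"{plugin} uninstalled"


def settings_form_html(session, plugin):
    """The legitimate admin page embeds the session token as a hidden field;
    a cross-site page cannot read it, so a forged form lacks the token."""
    return (f'<form method="post" action="/admin/plugin/{plugin}/save">'
            f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
            '<input type="checkbox" name="settings[use_dates]" value="1">'
            '<input type="submit" name="commit" value="Save"></form>')


def dispatch(admin, req):
    """Route the two endpoint shapes named in the advisory (paths are assumptions)."""
    parts = req.path.strip("/").split("/")
    if len(parts) == 4 and parts[:2] == ["admin", "plugin"] and parts[3] == "save":
        return admin.save_settings(req, parts[2])
    if len(parts) == 4 and parts[:3] == ["admin", "setting", "uninstall_plugin"]:
        return admin.uninstall(req, parts[3])
    return 404, "not found"


def demo():
    """Constructed requests: two forged ones that ride on the victim's session
    cookie but cannot supply the token, and one legitimate submission."""
    admin = PluginAdmin()
    victim = Session(user="admin")
    forged_post = Request("POST", "/admin/plugin/archive/save", victim,
                          {"settings[use_dates]": "1", "commit": "Save"})
    forged_get = Request("GET", "/admin/setting/uninstall_plugin/archive", victim, {})
    legit = Request("POST", "/admin/plugin/archive/save", victim,
                    {"settings[use_dates]": "1", "commit": "Save",
                     "csrf_token": victim.csrf_token})
    return {
        "forged_post": dispatch(admin, forged_post),
        "forged_get": dispatch(admin, forged_get),
        "legit": dispatch(admin, legit),
        "use_dates": admin.settings["archive"]["use_dates"],
        "archive_installed": "archive" in admin.installed,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the block shows the forged POST rejected with 403, the forged GET rejected with 405, and only the token-bearing submission reaching the handler. The same pattern applies to any other state-changing admin action; a production implementation would additionally rotate the token on login and could check the `Origin` header as a second layer.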
Preconditions
- auth: The victim must be authenticated to WolfCMS with an active session
- input: The attacker must deliver a crafted HTML page or link to the victim (e.g., via email, another website, or social engineering)
- config: The victim's browser must have cookies or session credentials enabled for the target WolfCMS instance
Reproduction
1. Log in to WolfCMS 0.8.3.1 as an administrator.
2. In another browser tab, open the attacker's HTML page containing the auto-submitting form targeting `http://[URL]/wolf/wolfcms/?/admin/plugin/archive/save` with a hidden `settings[use_dates]` parameter set to `1` and `commit` set to `Save`.
3. The form auto-submits via JavaScript, changing the plugin settings without the user's interaction.
4. Alternatively, visit `http://[url]/wolfcms/?/admin/setting/uninstall_plugin/[pluginname]` to uninstall a plugin [1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (3)
- www.exploit-db.com/exploits/44418/ (EXPLOIT-DB)
- docs.google.com/document/d/19X9j9lMVrH7VPhyMEdqidqgW4VBhXaFibuBDyiPxJjc/edit (MISC)
- github.com/wolfcms/wolfcms/issues/671 (MISC)
News mentions (0)
No linked articles in our index yet.