CVE-2022-50955
Cross-Site Request Forgery in Curtain WordPress Plugin
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| leo | curtain | 1.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The WordPress Plugin Curtain version 1.0.2 contains a Cross-Site Request Forgery (CSRF) vulnerability. This flaw allows attackers to trick authenticated administrators into submitting forged requests that activate or deactivate the site's maintenance mode. The vulnerability exists because the plugin does not properly validate nonces, which are security tokens meant to prevent unauthorized actions. Attackers exploit this by sending malicious requests to the options-general.php page with specific parameters to toggle maintenance mode without proper authorization.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to manipulate your website's maintenance mode settings without your consent. Specifically, attackers can force your site into maintenance mode or disable it, potentially causing disruption to your site's availability or user experience. Since the attack targets authenticated administrators, it could lead to unauthorized changes that affect site operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious HTTP requests targeting the options-general.php page with parameters related to the Curtain plugin's maintenance mode toggle.
Specifically, look for POST or GET requests that attempt to activate or deactivate maintenance mode without valid nonce validation.
Network or web server logs can be searched for such requests to identify potential exploitation attempts.
- Use tools like grep or similar to search web server logs for requests to options-general.php containing 'curtain' parameters.
- Example command to search Apache logs: grep 'options-general.php' /var/log/apache2/access.log | grep 'curtain'
- Monitor for unexpected POST requests to options-general.php from authenticated administrator IPs that do not include valid nonce tokens.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to remove or deactivate the Curtain WordPress plugin version 1.0.2 from your site.
Since the plugin has been removed from the WordPress Plugin Directory due to this security issue, it is recommended not to use it.
Additionally, ensure that your WordPress installation and all plugins are updated to the latest versions to avoid similar vulnerabilities.
If removal is not immediately possible, restrict access to the options-general.php page to trusted administrators only and monitor for suspicious activity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.