WordPress Nictitate Theme <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Patch priority: Low (patch within 30 days)
CVSS 3.1 score: 4.3 (Medium severity)
Published on 29 March, 2024


Vulnerability description

Dhabaleshwar Das discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Nictitate Theme to Patchstack.


How to reproduce

The "Nictitate" theme does not verify a nonce for the "dismiss_admin_notices" action, which exposes logged-in users to Cross-Site Request Forgery (CSRF). An attacker who lures an authenticated user to a crafted page can have that action performed on the user's behalf without their consent.

1- First install the "Nictitate" theme and then activate it.

2- After activation, you will see a notice at the top of the page, "This theme requires the following plugin: Kopa Nictitate Toolkit...........". Click "Dismiss this notice" and intercept the request; you will see that no nonce is included in it.

3- Because no nonce is checked, the request is forgeable: an attacker can craft it so that it is sent from the browser of a currently authenticated user, performing the action without that user's intent.

The crafted HTML request can be seen here:

<html>
<!-- CSRF PoC: a plain GET form to the admin themes page. The
     entity-encoded field name decodes to "tgmpa-dismiss" and the value
     to "dismiss_admin_notices"; no nonce parameter is sent. -->
<body>
<script>history.pushState('', '', '/')</script>
<form method="GET" action="http://localhost/wordpress/wp-admin/themes.php">
<input type="hidden" name="tgmpa&#45;dismiss" value="dismiss&#95;admin&#95;notices" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
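To show what the missing check looks like from the fixing side, here is an added illustration of a theme admin-notice dismissal handler written without a nonce, beside a hardened version. This is example code written for this advisory, not the Nictitate theme's own code or the TGM Plugin Activation library; the `example-dismiss` query key, the `example_theme_*` function names and the user-meta key are assumed, while `wp_nonce_url`, `check_admin_referer`, `current_user_can` and the other calls are WordPress core APIs.

```php
<?php
// Added illustration, not the theme's code. Everything except WordPress
// core functions (wp_nonce_url, check_admin_referer, etc.) is assumed.

/*
 * VULNERABLE PATTERN: the handler trusts any request that carries the
 * query parameter. A logged-in admin who loads a third-party page with
 * a form pointing at themes.php?example-dismiss=1 has the notice
 * dismissed for them, which is the class of bug described above.
 */
function example_theme_dismiss_notice_vulnerable() {
    if ( isset( $_GET['example-dismiss'] ) ) {
        update_user_meta( get_current_user_id(), 'example_theme_notice_dismissed', 1 );
    }
}

/*
 * HARDENED PATTERN: the dismiss link is generated with a nonce bound to
 * the action name and the current user; the handler verifies it and
 * additionally checks a capability. A cross-site page cannot obtain the
 * nonce, so its forged request is rejected before any state changes.
 */
function example_theme_dismiss_notice_secure() {
    if ( ! isset( $_GET['example-dismiss'] ) ) {
        return;
    }
    // check_admin_referer() validates the _wpnonce query argument for the
    // given action and stops execution with an error page if it is invalid.
    check_admin_referer( 'example-dismiss-' . get_current_user_id(), '_wpnonce' );

    // A nonce proves intent, not authorization: keep the capability check too.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to do this.', 'example-theme' ) );
    }
    update_user_meta( get_current_user_id(), 'example_theme_notice_dismissed', 1 );
}
add_action( 'admin_init', 'example_theme_dismiss_notice_secure' );

/*
 * Renders the notice with a nonce-protected dismiss link. wp_nonce_url()
 * appends _wpnonce=<token> to the URL for the same action string that the
 * handler above verifies.
 */
function example_theme_render_notice() {
    if ( get_user_meta( get_current_user_id(), 'example_theme_notice_dismissed', true ) ) {
        return;
    }
    $dismiss_url = wp_nonce_url(
        add_query_arg( 'example-dismiss', '1', admin_url( 'themes.php' ) ),
        'example-dismiss-' . get_current_user_id()
    );
    printf(
        '<div class="notice notice-warning"><p>%s <a href="%s">%s</a></p></div>',
        esc_html__( 'This theme recommends a companion plugin.', 'example-theme' ),
        esc_url( $dismiss_url ),
        esc_html__( 'Dismiss this notice', 'example-theme' )
    );
}
add_action( 'admin_notices', 'example_theme_render_notice' );
```

When reviewing a fix for this advisory, the check to make is that every state-changing admin action reached via a link or form both verifies a nonce (`check_admin_referer` or `wp_verify_nonce`) and checks a capability; a nonce alone does not stop a low-privileged user who can legitimately obtain one, and a capability check alone does not stop CSRF.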


How to disclose

To make the patching process easier and safer for all users, we recommend reading our memo about the most common vulnerabilities and the ways they can be fixed. If you need help understanding some of the security concepts, don't worry; that is where we step in and help.

Please send us the patched version or code before releasing it, so we can help you avoid an incomplete patch that would cause further inconvenience. Don't delay security patch releases for other, non-security updates. Ideally, security fixes are released separately so users can update as soon as possible without fear of anything breaking. You can also join the free Patchstack mVDP program to have better control over the vulnerability patching and disclosure process.

Software: Nictitate
Type: Theme
PSID: 020cf5aa1ba2
Vulnerable versions: <= 1.1.4
Classification: Cross Site Request Forgery (CSRF)
OWASP Top 10: A1: Broken Access Control
Required privilege: Unauthenticated
Published: on 29 March, 2024