
Description The plugin implements the AJAX action acx_asmw_saveorder, which calls back the function acx_asmw_saveorder_callback. The latter implements no anti-CSRF controls, so a malicious actor can mount a cross-site request forgery attack that updates the plugin-specific option social_widget_icon_array_order. The vulnerable parameter is $_POST['recordsArray']; its value is saved as the option named social_widget_icon_array_order. Leveraging a CSRF could… Read more »

Admin Menu Tree Page View [CSRF, Privilege Escalation]

Description The plugin implements the AJAX action admin_menu_tree_page_view_add_page, which calls back the function admin_menu_tree_page_view_add_page. The latter implements no anti-CSRF controls or other security checks. Leveraging a CSRF attack, an attacker could perform a persistent XSS attack if the victim has administrative rights (see PoC). The AJAX action is a privileged one, so it is only available for… Read more »

CMS Tree Page View [CSRF, Privilege Escalation]

Description The plugin implements the AJAX action admin_menu_tree_page_view_move_page, which calls back the function admin_menu_tree_page_view_move_page. The latter implements no anti-CSRF controls or other security checks. Exploiting this vulnerability, a malicious actor can only change the order and/or parent of the specified pages, so the damage is minimal. The AJAX action is a privileged one, so it is only available… Read more »

Admin Menu Tree Page View [CSRF, Privilege Escalation]

Description The plugin implements the AJAX action admin_menu_tree_page_view_move_page, which calls back the function admin_menu_tree_page_view_move_page. The latter implements no anti-CSRF controls or other security checks. Exploiting this vulnerability, a malicious actor can only change the order and/or parent of the specified pages, so the damage is minimal. The AJAX action is a privileged one, so it is only available… Read more »


Description The plugin implements the AJAX action cms_tpv_add_page, which calls back the function cms_tpv_add_page. The latter implements no anti-CSRF controls or other security checks. Leveraging a CSRF attack, an attacker could perform a persistent XSS attack if the victim has administrative rights (see PoC). The AJAX action is a privileged one, so it is only available for… Read more »


Description The plugin implements the AJAX action wpdm-install-addon, which calls the function wpdm_install_addon. This function takes no anti-CSRF measures and is therefore susceptible to that kind of attack. What makes this function interesting is that it provides plugin installation functionality for admin users. The origin of the package is defined by… Read more »
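Every entry above describes the same defect: a callback hooked to a wp_ajax_{action} hook that writes state (an option, a page, an installed plugin) without a nonce check or a capability check, so a page the logged-in victim merely visits can make their browser fire the request. The following is an added illustration of that pattern and its fix, not code from any of the plugins listed on this page. It borrows the action name acx_asmw_saveorder, the callback name acx_asmw_saveorder_callback, the parameter $_POST['recordsArray'] and the option social_widget_icon_array_order from the first entry; the function bodies, the nonce action string 'acx_asmw_saveorder_nonce', the script handle and the JavaScript variable name are assumptions made for the example.

```php
<?php
// Added example, not the plugin's own code. Identifiers acx_asmw_saveorder,
// acx_asmw_saveorder_callback, $_POST['recordsArray'] and
// social_widget_icon_array_order come from the advisory excerpt; everything
// else (nonce action string, script handle, JS object name) is assumed.

// --- Vulnerable shape, as the advisory describes it ----------------------
// wp_ajax_{action} runs for ANY authenticated user who POSTs
// action=acx_asmw_saveorder to /wp-admin/admin-ajax.php. With no nonce and no
// capability check, a cross-origin form submission carrying the victim's
// cookies is enough to overwrite the option.
//
// add_action( 'wp_ajax_acx_asmw_saveorder', 'acx_asmw_saveorder_callback' );  // original wiring
function acx_asmw_saveorder_callback() {
    $order = $_POST['recordsArray'];                       // unchecked, attacker-controlled
    update_option( 'social_widget_icon_array_order', $order );
    wp_die();
}

// --- Hardened shape --------------------------------------------------------
// 1. Mint a nonce server-side and hand it to the admin page's script. A nonce
//    is tied to the user and session, so a third-party origin cannot obtain it.
add_action( 'admin_enqueue_scripts', 'acx_asmw_enqueue_admin_script' );
function acx_asmw_enqueue_admin_script( $hook ) {
    wp_enqueue_script( 'acx-asmw-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'acx-asmw-admin', 'acxAsmw', array(
        'ajaxurl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'acx_asmw_saveorder_nonce' ),
    ) );
}

// Only the hardened callback is hooked in this example.
add_action( 'wp_ajax_acx_asmw_saveorder', 'acx_asmw_saveorder_callback_hardened' );
function acx_asmw_saveorder_callback_hardened() {
    // 2. Anti-CSRF: verify the nonce sent in the 'security' field. On failure
    //    check_ajax_referer() terminates the request with -1 (HTTP 403).
    check_ajax_referer( 'acx_asmw_saveorder_nonce', 'security' );

    // 3. Authorisation: a nonce proves intent, not privilege. Without this, any
    //    subscriber-level account could still call the endpoint directly.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 4. Input validation: the option is an ordering of icon identifiers, so
    //    accept only an array of sanitized keys. This also closes the
    //    stored-XSS follow-on the other entries describe, where unsanitised
    //    POST data lands in an option or page that is later echoed.
    $raw   = isset( $_POST['recordsArray'] ) ? (array) wp_unslash( $_POST['recordsArray'] ) : array();
    $order = array_values( array_filter( array_map( 'sanitize_key', $raw ) ) );

    update_option( 'social_widget_icon_array_order', $order );
    wp_send_json_success( $order );
}
```

The client side (admin.js in this example) must send the nonce with every call, e.g. as a `security: acxAsmw.nonce` field in the POST body to `acxAsmw.ajaxurl`. Two caveats worth checking when auditing a plugin: a `wp_ajax_nopriv_` registration makes the same callback reachable without any login, so it needs the same three checks; and a nonce check alone does not make the action "admin only", because `wp_ajax_` hooks fire for every authenticated role, which is exactly why the entries above pair CSRF with privilege escalation.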


Extra User Details plugin for WordPress suffers from a Privilege Escalation vulnerability


WooCommerce – Store Toolkit plugin for WordPress suffers from a Privilege Escalation vulnerability