Lucene search

PRIOn knowledge basePRION:CVE-2023-3325

HistoryJun 20, 2023 - 5:15 a.m.

Authorization

2023-06-2005:15:00

PRIOn knowledge base

www.prio-n.com

cms commander

wordpress

authorization bypass

cryptographic signature

unauthenticated attackers

privilege escalation

remote control

admin access url

plugin vulnerability

severe impact

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.4%

JSON

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the ‘cmsc_add_site’ function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the ‘_cmsc_public_key’ in the plugin config, providing access to the plugin’s remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.

CPENameOperatorVersion
cms_commanderle2.287

CPE	Name	Operator	Version
	cms_commander	le	2.287

References

plugins.trac.wordpress.org/browser/cms-commander-client/tags/2.287/init.php

plugins.trac.wordpress.org/changeset/2927811/cms-commander-client

www.wordfence.com/threat-intel/vulnerabilities/id/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1?source=cve