Lucene search
Apple502jWPEX-ID:1ADA2A96-32AA-4E37-809C-705DB6026E0BHistoryAug 23, 2021 - 12:00 a.m.
OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion
2021-08-2300:00:00
apple502j
324
omgf
subscriber
arbitrary file deletion
web developer
jquery.post
ajaxurl
exploit
EPSS
0.001
Percentile
25.1%
The plugin does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server.
As an authenticated user, with a role as low as subscriber, viewing the admin the dashboard (/wp-admin/index.php), run the below command in the Web Developer console of the web browser. This will delete /wp-content/index.php file ("silence is golden"). You can also do /../../../** or /../../../wp-admin/ or... (assuming you want to destroy the installation).
jQuery.post(ajaxurl,{action:"omgf_ajax_empty_dir",section:"/../../index.php"})Related
wpvulndb
wpvulndb
OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion
2021-08-23 00:00:00
cvelist
cvelist
CVE-2021-24639 OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion
2021-09-20 10:06:45
nvd
nvd
CVE-2021-24639
2021-09-20 10:15:09
cve
cve
CVE-2021-24639
2021-09-20 10:15:09
prion
prion
Cross site request forgery (csrf)
2021-09-20 10:15:00