WPEX-ID: EEC0F29F-A985-4285-8EED-D1855D204A20
History: Mar 23, 2021 - 12:00 a.m.

Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation

2021-03-23 00:00:00
m0ze
Tags: improper access control, privilege escalation, uncontrolled access, website customization, global cms settings, complete compromise, attack vectors, temporary administrator, system privileges, full control

EPSS: 0.275 (percentile 96.9%)

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and the global CMS settings (/wp-admin/customize.php and /wp-admin/options.php) can lead to a complete compromise of the target site. Even with the maximum restrictions applied to a temporary administrator account, several attack vectors remain open against the targeted website; the simplest and fastest is raising the account's privileges to the unrestricted administrator level and taking full control of the site.

Create a temporary admin account via the plugin (/wp-admin/users.php?page=controlled_admin_access) with limited access, then open the URLs below, which should not be accessible to that account:

### -- [ PoC #1 | Improper Access Control | Customize: ]

[!] https://example.com/wp-admin/customize.php


### -- [ PoC #2 | Improper Access Control | All Settings: ]

[!] https://example.com/wp-admin/options.php
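The root cause described above is a restriction that is applied to menu visibility but not to the request itself. The following mu-plugin is an added hardening example, not the plugin's own code and not a description of how the plugin stores its restrictions; it assumes restricted temporary admins carry a hypothetical user meta key `_restricted_temp_admin` set to `'1'`.

```php
<?php
/**
 * Added hardening example (not the plugin's code). Enforce "restricted temporary
 * administrator" limits at the capability layer instead of only hiding menu items.
 * Assumption: restricted accounts carry the hypothetical user meta key
 * `_restricted_temp_admin` set to '1'. Place this file in wp-content/mu-plugins/.
 */

// Capabilities the two pages from the advisory gate on:
// customize.php checks 'customize' (mapped to edit_theme_options by core),
// options.php checks 'manage_options'.
const RESTRICTED_TEMP_ADMIN_DENIED_CAPS = [ 'manage_options', 'edit_theme_options', 'customize' ];

function restricted_temp_admin_is_restricted( int $user_id ): bool {
    // Hypothetical marker; replace with however your deployment flags these accounts.
    return '1' === get_user_meta( $user_id, '_restricted_temp_admin', true );
}

// 1) Strip the capabilities, so every code path that calls current_user_can()
//    (admin screens, REST routes, admin-ajax handlers) sees the restriction.
add_filter( 'user_has_cap', function ( array $allcaps, array $caps, array $args, WP_User $user ): array {
    if ( restricted_temp_admin_is_restricted( $user->ID ) ) {
        foreach ( RESTRICTED_TEMP_ADMIN_DENIED_CAPS as $cap ) {
            unset( $allcaps[ $cap ] );
        }
    }
    return $allcaps;
}, 10, 4 );

// 2) Defence in depth: refuse the direct URLs themselves, since the PoC above
//    consists of loading them by hand rather than following a menu link.
add_action( 'admin_init', function (): void {
    $page = $GLOBALS['pagenow'] ?? '';
    if ( in_array( $page, [ 'customize.php', 'options.php' ], true )
        && restricted_temp_admin_is_restricted( get_current_user_id() ) ) {
        wp_die( 'This temporary administrator account may not access this page.', 'Forbidden', 403 );
    }
}, 1 );
```

After deploying, repeat the two PoC requests as the restricted account and confirm both return the 403 page rather than the Customizer or the All Settings form.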

