Gutenberg & Elementor Templates Importer For Responsive < 2.2.6 - Unprotected AJAX Endpoints

2020-03-18T00:00:00
ID WPEX-ID:10137
Type wpexploit
Reporter Chloe
Modified 2020-04-24T00:00:00

Description

WordPress Vulnerability - Gutenberg & Elementor Templates Importer For Responsive < 2.2.6 - Unprotected AJAX Endpoints

                                        
                                            All of the vulnerable actions could be called with a simple request to /wp-admin/admin-ajax.php?action=[Vulnerable-Action] along with the appropriate parameters set, by any authenticated user, including users with minimal subscriber-level permissions.

Here is one example for importing XML: 
URL/wp-admin/admin-ajax.php?action=responsive-ready-sites-import-xml&xml_path=https%3A%2F%2Fexample.com%2Fwp-content%2Fuploads%2Fsites%2F54%2Fwxr.xml