Lucene search

K
wpexploitTill KrüssWPEX-ID:8E3E89FD-E380-4108-BE23-00E87FBAAD16
HistoryMar 26, 2021 - 12:00 a.m.

AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage

2021-03-2600:00:00
Till Krüss
446

0.026 Low

EPSS

Percentile

90.4%

In the plugin, the file “resource/frontend/product/product-shortcode.php” responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required. AccessAlly 3.5.7 resolved the issue.

curl -s https://example.com | grep '<div id="accessally-testing-data"'

0.026 Low

EPSS

Percentile

90.4%

Related for WPEX-ID:8E3E89FD-E380-4108-BE23-00E87FBAAD16