wpexploit | Chloe | WPEX-ID:D776586C-5B31-482E-B209-A89C9873F21D
Mar 18, 2020 - 12:00 a.m.

Gutenberg & Elementor Templates Importer For Responsive < 2.2.6 - Unprotected AJAX Endpoints


EPSS: 0.001 (Low), percentile 43.5%

These flaws allowed any authenticated user, regardless of privilege level, to execute various AJAX actions (23) that could reset site data, inject malicious JavaScript into pages, modify theme customizer data, import .xml and .json files, and activate plugins, among many other actions.

All of the vulnerable actions could be called with a simple request to /wp-admin/admin-ajax.php?action=[Vulnerable-Action] along with the appropriate parameters set, by any authenticated user, including users with minimal subscriber-level permissions.

Here is one example for importing XML: 
URL/wp-admin/admin-ajax.php?action=responsive-ready-sites-import-xml&xml_path=https%3A%2F%2Fexample.com%2Fwp-content%2Fuploads%2Fsites%2F54%2Fwxr.xml
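
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or the plugin's code: it scans web access log lines for admin-ajax.php calls to the plugin's actions and flags imports whose xml_path points off-site. The log lines, the site host and the shared action prefix are assumptions; the page names only responsive-ready-sites-import-xml.

```python
import re
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
# Assumption: the page names only responsive-ready-sites-import-xml; the shared
# prefix for the plugin's other actions must be checked against the plugin code.
ACTION_PREFIX = "responsive-ready-sites-"

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, hypothetical site host).
SITE_HOST = "blog.example.test"
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Mar/2020:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=responsive-ready-sites-import-xml&xml_path=https%3A%2F%2Fexample.com%2Fwp-content%2Fuploads%2Fsites%2F54%2Fwxr.xml HTTP/1.1" 200 58',
    '203.0.113.7 - - [18/Mar/2020:10:01:09 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 91',
    '198.51.100.4 - - [18/Mar/2020:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.9 - - [18/Mar/2020:10:05:44 +0000] "GET /wp-admin/admin-ajax.php?action=responsive-ready-sites-import-xml&xml_path=https%3A%2F%2Fblog.example.test%2Fwp-content%2Fuploads%2Fwxr.xml HTTP/1.1" 200 58',
]

def find_suspect_requests(lines, site_host):
    """Return one record per admin-ajax.php request that names a plugin action."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined-format, skip rather than guess
        url = urlsplit(m["target"])
        if not url.path.endswith(AJAX_PATH):  # also matches subdirectory installs
            continue
        query = parse_qs(url.query)  # percent-decodes values
        action = query.get("action", [""])[0]
        if not action.startswith(ACTION_PREFIX):
            continue
        xml_host = urlsplit(query.get("xml_path", [""])[0]).hostname or ""
        hits.append({
            "ip": m["ip"], "time": m["time"], "action": action,
            "status": int(m["status"]), "xml_host": xml_host,
            # An import source on another host deserves a closer look.
            "remote_import": bool(xml_host) and xml_host != site_host,
        })
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG, SITE_HOST):
        print(hit)
```

Access logs do not record POST bodies, so an action sent in the body is invisible to this check, and the log alone does not show the caller's role; correlate hits with the account that owned the session.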
