
Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via Low Privilege User

Description

Low-privileged users could use the AJAX action "cp_plugins_do_button_job_later_callback", exposed by multiple plugins from the WP-Buy vendor, to install any plugin (including a specific version) from the WordPress repository. This helps attackers install vulnerable plugins and could lead to more critical vulnerabilities such as RCE. Note (WPScanTeam): The same AJAX action could also be used to activate installed plugins on the blog.
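An interim mitigation for sites that cannot update right away, as an added example (not code from WP-Buy or WPScan): a must-use plugin that rejects the AJAX action named above unless the caller holds the `install_plugins` and `activate_plugins` capabilities. It assumes the vendor handlers are hooked at the default priority (10); the file name, constant and function name are hypothetical.

```php
<?php
/**
 * Plugin Name: Guard WP-Buy plugin-install AJAX action (added example)
 *
 * Drop into wp-content/mu-plugins/ (hypothetical file name: wpbuy-ajax-guard.php).
 */

// AJAX action name as given in the advisory.
const WPBUY_GUARDED_ACTION = 'cp_plugins_do_button_job_later_callback';

/**
 * Runs before the vendor handler and stops the request unless the
 * current user is allowed to install and activate plugins.
 */
function wpbuy_guard_ajax_action() {
    if ( current_user_can( 'install_plugins' ) && current_user_can( 'activate_plugins' ) ) {
        return; // Privileged caller: let the vendor handler run as usual.
    }

    // Leave a trace for later review of who tried to reach the action.
    $user = wp_get_current_user();
    $ip   = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        'Blocked AJAX action %s for user ID %d (%s) from %s',
        WPBUY_GUARDED_ACTION,
        $user->ID,
        $user->user_login,
        $ip
    ) );

    // wp_die() ends the request, so the vendor handler never executes.
    wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
}

// Priority 0 runs ahead of handlers registered at the default priority 10.
add_action( 'wp_ajax_' . WPBUY_GUARDED_ACTION, 'wpbuy_guard_ajax_action', 0 );
// The advisory describes logged-in low-privileged users; the nopriv hook is
// guarded as well in case an affected plugin registers it.
add_action( 'wp_ajax_nopriv_' . WPBUY_GUARDED_ACTION, 'wpbuy_guard_ajax_action', 0 );
```

The guard is a stopgap: it can be removed once the affected WP-Buy plugins have been updated to fixed releases.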

