HashThemes Demo Importer < 1.1.2 - Improper Access Control to Blog Reset

2021-10-26T00:00:00
ID WPVDB-ID:826F3823-4A25-433A-9C69-A0573464A368
Type wpvulndb
Reporter wpvulndb
Modified 2021-10-26T14:55:00

Description

The plugin does not have capability checks in some of its AJAX action, relying on CSRF nonces for this, which are displayed for any authenticated users. As a result, a user with a role as low as subscriber could use the hdi_install_demo AJAX action to reset the entire blog (including the tables in the database except wp_options, wp_users, and wp_usermeta)