Lucene search

WpvulndbWPVDB-ID:CB7E0B14-80DE-4501-B89A-453C04439433

HistoryApr 04, 2024 - 12:00 a.m.

Classified Listing < 3.0.5 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_account

2024-04-0400:00:00

wpscan.com

classified listing

wordpress

cross-site request forgery

account takeover

rtcl_update_user_account

vulnerability

nonce validation

unauthenticated attackers

administrator account

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

EPSS

Percentile

15.5%

JSON

Description The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the ‘rtcl_update_user_account’ function. This makes it possible for unauthenticated attackers to change the administrator user’s password and email address via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This locks the administrator out of the site and prevents them from resetting their password, while granting the attacker access to their account.

References

www.wordfence.com/threat-intel/vulnerabilities/id/5439651e-5557-4b13-813a-4fc0ad876104

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for WPVDB-ID:CB7E0B14-80DE-4501-B89A-453C04439433