These flaws allowed any authenticated user, regardless of privilege level, the ability to execute various AJAX actions (23) that could reset site data, inject malicious JavaScript in pages, modify theme customizer data, import .xml and .json files, and activate plugins, among many other actions.
All of the vulnerable actions could be called with a simple request to /wp-admin/admin-ajax.php?action=[Vulnerable-Action] along with the appropriate parameters set, by any authenticated user, including users with minimal subscriber-level permissions. Here is one example for importing XML: URL/wp-admin/admin-ajax.php?action=responsive-ready-sites-import-xml&xml;_path=https%3A%2F%2Fexample.com%2Fwp-content%2Fuploads%2Fsites%2F54%2Fwxr.xml
CPE | Name | Operator | Version |
---|---|---|---|
responsive-add-ons | lt | 2.2.6 |