Vulners
Lucene search
WordPress Robo Gallery 3.2.1 plugin - Bypass POST comment approvement Vulnerability
## Title: WordPress 6.0 - Bypass POST comment approvement Robo Gallery 3.2.1
## Author: nu11secur1ty
## Vendor: https://wordpress.org/
## Software: https://wordpress.org/plugins/robo-gallery/
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/RoboGallery
## Description:
Bypass POST comment approvement Robo Gallery 3.2.1
A malicious lure can be approved by the administrator of the system. The POST comment, in this case, will be compromised by not sanitizing well, for malicious POST requests which use protocols HTTP, HTTPS and etc.
The malicious user can wait to be approved by the administrator and then he can POST upload very malicious URLs.
and etc. Note: Every POST from outside broadcasting users MUST be blocked automatically for approval from a live person, or function intended for this!
As much as possible if you use a function, for example: Linkedin!
[+] Payloads:
```
%68%74%74%70%73%3a%2f%2f%70%6f%72%6e%68%75%62%2e%63%6f%6d%2f
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/RoboGallery)
## Proof and Exploit:
[href](https://streamable.com/rk09oh)
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Aug 2022 00:00Current
7.4High risk
Vulners AI Score7.4