Type: Privilege Escalation

Admin Menu Tree Page View [CSRF, Privilege Escalation]

Description Plugin implements AJAX action admin_menu_tree_page_view_add_page which calls back the function admin_menu_tree_page_view_add_page. The later does not implement any anti-CSRF controls or security checks. Leveraging a CSRF attack an attacker could perform a Persistent XSS attack if the victim has administrative rights (see PoC). The AJAX action is a privileged one so it’s only available for… Read more »

CMS Tree Page View [CSRF, Privilege Escalation]

Description Plugin implements AJAX action cms_tpv_add_page which calls back the function cms_tpv_add_page. The later does not implement any anti-CSRF controls or security checks. Leveraging a CSRF attack an attacker could perform a Persistent XSS attack if the victim has administrative rights (see PoC). The AJAX action is a privileged one so it’s only available for… Read more »