NOTE: While I was having this in my drafts for submission it was reported by another entity here Description Plugin implements the following AJAX actions: kiwi_social_share_get_option kiwi_social_share_get_option Those actions are used by the plugin to set plugin options. The problem the option name and value is user defined and no sanitization or validation is taking… Read more »
Type: Privilege Escalation
Admin Menu Tree Page View [CSRF, Privilege Escalation]
Description Plugin implements AJAX action admin_menu_tree_page_view_add_page which calls back the function admin_menu_tree_page_view_add_page. The later does not implement any anti-CSRF controls or security checks. Leveraging a CSRF attack an attacker could perform a Persistent XSS attack if the victim has administrative rights (see PoC). The AJAX action is a privileged one so it’s only available for… Read more »
CMS Tree Page View [CSRF, Privilege Escalation]
Description Plugin implements AJAX action cms_tpv_add_page which calls back the function cms_tpv_add_page. The later does not implement any anti-CSRF controls or security checks. Leveraging a CSRF attack an attacker could perform a Persistent XSS attack if the victim has administrative rights (see PoC). The AJAX action is a privileged one so it’s only available for… Read more »
Bulk Delete [Privilege Escalation]
“Bulk Delete” plugin for WordPress suffers from a privilege escalation vulnerability
Extra User Details [Privilege Escalation]
Extra User Details plugin for WordPress suffers from a Privilege Escalation vulnerability
WooCommerce – Store Toolkit [Privilege Escalation]
WooCommerce – Store Toolkit Plugin plugin for WordPress suffers from a Privilege Escalation vulnerability
User Meta Manager [Privilege Escalation]
User Meta Manager plugin for WordPress suffers from a Privilege Escalation vulnerability
WP Membership [Privilege Escalation]
WP Membership plugin for WordPress suffers from a Privilege Escalation vulnerability