关联漏洞
标题:
WordPress plugin Square 安全漏洞
(CVE-2023-30486)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Square 2.0.0版本及之前版本存在安全漏洞,该漏洞源于缺少授权。
描述
Square <= 2.0.0 - Missing Authorization via activate_plugin
介绍
# CVE-2023-30486
Square <= 2.0.0 - Missing Authorization via activate_plugin
# Description
The Square theme for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the activate_plugin function called via an AJAX action in versions up to, and including, 2.0.0. This makes it possible for authenticated attackers , with subscriber-level access and above, to activate arbitrary plugins.
```
Missing Authorization
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVE CVE-2023-30486
CVSS 4.3 (Medium)
Publicly Published April 13, 2023
Last Updated January 22, 2024
Researcher Dave Jong - Patchstack
```
Links
---
https://patchstack.com/database/vulnerability/square/wordpress-square-theme-2-0-0-broken-access-control
https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=177729%40square&new=177729%40square&sfp_email=&sfph_mail=
POC
---
```
$ python3 CVE-2023-30486.py -u http://kubernetes.docker.internal -un user -p user
Logged in successfully.
hashthemes-demo-importe installed
```
Notes
---
Pointless CVE but i thought it would be fun to do a POC seems to only work if the hashthemes-demo-importer has never been installed before.
文件快照
[4.0K] /data/pocs/c0485dd84f235899228a3fc9ee0528695057544b
├── [2.9K] CVE-2023-30486.py
└── [1.2K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。