/*! - # VULNERABILITY: Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation - # GOOGLE DORK: inurl:/wp-content/plugins/controlled-admin-access/ - # DATE: 2021-03-18 - # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ] - # VENDOR: WPRuby [ https://wpruby.com ] - # SOFTWARE VERSION: <= 1.4.0 - # SOFTWARE LINK: https://wordpress.org/plugins/controlled-admin-access/ - # CVSS: AV:N/AC:L/PR:L/UI:N/S:U - # CWE: CWE-284 - # CVE: CVE-2021-24215 */ ### -- [ Info: ] [i] An Improper Access Control vulnerability was discovered in the Controlled Admin Access plugin through 1.4.0 for WordPress. [i] Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. [i] Even with the maximum restrictions for a temporary administrator account, several attack vectors are possible against the targeted website, the simplest and fastest is raising system privileges to the administrator level (w/o restrictions) and taking full control of the attacked website. ### -- [ Impact: ] [~] Full compromise of the vulnerable web application and also web server. ### -- [ PoC #1 | Improper Access Control | Customize: ] [!] https://example.com/wp-admin/customize.php ### -- [ PoC #2 | Improper Access Control | All Settings: ] [!] https://example.com/wp-admin/options.php ### -- [ Contacts: ] [+] Website: m0ze.ru [+] GitHub: @m0ze [+] Telegram: @m0ze_ru [+] Twitter: @vladm0ze