module
WordPress WP GDPR Compliance Plugin Privilege Escalation
| Disclosed | Created |
|---|---|
| Nov 8, 2018 | Mar 19, 2019 |
Disclosed
Nov 8, 2018
Created
Mar 19, 2019
Description
The Wordpress GDPR Compliance plugin wordpress administration options by overwriting values within the database.
The vulnerability is present in WordPress’s admin-ajax.php, which allows unauthorized
users to trigger handlers and make configuration changes because of a failure to do
capability checks when executing the 'save_setting' internal action.
WARNING: The module sets Wordpress configuration options without reading their current
values and restoring them later.
The vulnerability is present in WordPress’s admin-ajax.php, which allows unauthorized
users to trigger handlers and make configuration changes because of a failure to do
capability checks when executing the 'save_setting' internal action.
WARNING: The module sets Wordpress configuration options without reading their current
values and restoring them later.
Authors
Mikey Veenstra (WordFence)
Thomas Labadie
Thomas Labadie
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.